Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8: Outlook & iTunes werden nach kurzer Zeit automatische geschlossen (https://www.trojaner-board.de/165598-windows-8-outlook-itunes-kurzer-zeit-automatische-geschlossen.html)

kmuench 29.03.2015 14:17
Windows 8: Outlook & iTunes werden nach kurzer Zeit automatische geschlossen
 
Hallo zusammen,

bei meinem Windows 8 Rechner (Version 8.1) wird sofort nach dem Öffnen von Outlook das Programm wieder automatisch geschlossen. Sämtliche Reperaturversuche wurden durchgeführt, haben das Problem aber nicht beseitigt. Nachdem heute iTunes installiert wurde, tritt bei iTunes das sekbe Problem auf. MalewareBytes meldet verdächtige Funde. Hier die Log-Dateien. Vielen Dank für die Hilfe im Viraus. Anbei die verschiedenen txt-Dateien


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kristina (administrator) on TOGO on 29-03-2015 14:47:00
Running from C:\Users\Kristina\Downloads
Loaded Profiles: Kristina (Available profiles: Kristina)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Pokki) C:\Users\Kristina\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-19] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-11-28] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-11-28] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-11-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-11-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\...\RunOnce: [Adobe Speed Launcher] => 1427631717
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-03-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] (Client Connect LTD)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3852607773-491357534-3998752114-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=ME1446586-EA9A-48E7-AFA7-5A46E98FB637&SearchSource=58&CUI=&UM=8&UP=SP37B1D47F-64B6-4F94-9C27-280E242A1A11&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3852607773-491357534-3998752114-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=ME1446586-EA9A-48E7-AFA7-5A46E98FB637&SearchSource=58&CUI=&UM=8&UP=SP37B1D47F-64B6-4F94-9C27-280E242A1A11&q={searchTerms}&SSPV=
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\2rdgd1bv.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=ME1446586-EA9A-48E7-AFA7-5A46E98FB637&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP37B1D47F-64B6-4F94-9C27-280E242A1A11
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.google.de/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\vlc\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\2rdgd1bv.default\searchplugins\trovi.xml [2015-03-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-28]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-28]
CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-28]
CHR Extension: (Google Search) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-28]
CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-03-16] (Client Connect LTD)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-11-28] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-11-28] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-11-28] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-11-28] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-11-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-11-28] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-19] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
U3 uxtdipog; \??\C:\Users\Kristina\AppData\Local\Temp\uxtdipog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 14:39 - 2015-03-29 14:39 - 00013194 _____ () C:\Users\Kristina\Desktop\Gmer.txt
2015-03-29 14:24 - 2015-03-29 14:24 - 00380416 _____ () C:\Users\Kristina\Downloads\Gmer-19357.exe
2015-03-29 14:23 - 2015-03-29 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-29 11:26 - 2015-03-29 11:27 - 00029833 _____ () C:\Users\Kristina\Downloads\Addition.txt
2015-03-29 11:25 - 2015-03-29 14:47 - 00023447 _____ () C:\Users\Kristina\Downloads\FRST.txt
2015-03-29 11:25 - 2015-03-29 14:47 - 00000000 ____D () C:\FRST
2015-03-29 11:24 - 2015-03-29 11:24 - 02095616 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe
2015-03-29 11:21 - 2015-03-29 11:21 - 00050477 _____ () C:\Users\Kristina\Downloads\Defogger.exe
2015-03-29 11:21 - 2015-03-29 11:21 - 00000478 _____ () C:\Users\Kristina\Downloads\defogger_disable.log
2015-03-29 11:21 - 2015-03-29 11:21 - 00000000 _____ () C:\Users\Kristina\defogger_reenable
2015-03-29 11:05 - 2015-03-29 11:05 - 00021404 _____ () C:\Users\Kristina\Desktop\Malewarebytes.txt
2015-03-29 10:54 - 2015-03-29 10:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 10:54 - 2015-03-29 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 10:54 - 2015-03-29 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 10:54 - 2015-03-29 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 10:54 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-29 10:54 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-29 10:54 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-29 10:53 - 2015-03-29 10:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kristina\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-29 10:51 - 2015-03-29 10:51 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-29 10:51 - 2015-03-29 10:51 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Apple Computer
2015-03-29 10:51 - 2015-03-29 10:51 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apple Computer
2015-03-29 10:51 - 2015-03-29 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-29 10:51 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-03-29 10:50 - 2015-03-29 10:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-29 10:50 - 2015-03-29 10:51 - 00000000 ____D () C:\Program Files\iTunes
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\Program Files\iPod
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-29 10:49 - 2015-03-29 10:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-29 10:49 - 2015-03-29 10:49 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apple
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-29 10:47 - 2015-03-29 10:48 - 152428336 _____ (Apple Inc.) C:\Users\Kristina\Downloads\itunes6464setup.exe
2015-03-28 21:40 - 2015-03-29 14:41 - 00187375 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-28 13:00 - 2015-03-28 13:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-28 13:00 - 2015-03-28 13:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Google
2015-03-24 16:06 - 2015-03-24 16:09 - 00000000 ____D () C:\Users\Kristina\Documents\Daten
2015-03-22 20:36 - 2015-03-22 20:37 - 00000000 ____D () C:\Users\Kristina\AppData\Local\avaavxvyex
2015-03-22 20:36 - 2015-03-22 20:36 - 00003468 _____ () C:\WINDOWS\System32\Tasks\avaavxvyex
2015-03-22 15:37 - 2015-03-22 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 18:31 - 2015-03-19 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chemie - Aber Sicher
2015-03-18 23:55 - 2015-03-18 23:55 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\PowerISO
2015-03-15 12:42 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-15 12:42 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-15 12:42 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-15 12:42 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-15 12:42 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-15 12:42 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-15 12:42 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-15 12:42 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-15 12:42 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-15 12:42 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-15 12:42 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-15 12:42 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-15 12:42 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-15 12:42 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-15 12:42 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-15 12:42 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-15 12:42 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-15 12:42 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-15 12:42 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-15 12:42 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-15 12:42 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 12:42 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-15 12:42 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-15 12:42 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 12:42 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-15 12:42 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-15 12:42 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-15 12:42 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-15 12:42 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-15 12:42 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-15 12:42 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-15 12:42 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-15 12:42 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-15 12:42 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-15 12:42 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-15 12:42 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-15 12:42 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-15 12:42 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-15 12:42 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-15 12:42 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-15 12:42 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-15 12:42 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-15 12:42 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-15 12:42 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-15 12:42 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-15 12:42 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-15 12:42 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-15 12:42 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-15 12:42 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-15 12:42 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-15 12:42 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-15 12:42 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-15 12:42 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-15 12:42 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-15 12:42 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-15 12:42 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-15 12:41 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-15 12:41 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-15 12:41 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-15 12:41 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-15 12:41 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-15 12:41 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-15 12:41 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-15 12:41 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-15 12:41 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-15 12:41 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-15 12:41 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-15 12:41 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-15 12:41 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-15 12:41 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-15 12:41 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-15 12:41 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-15 12:41 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-15 12:41 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-11 18:14 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 18:14 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 18:14 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 18:14 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 18:14 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 18:14 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 18:14 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 18:14 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 18:14 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 18:14 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 18:14 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 18:14 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 18:14 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 18:14 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 18:14 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 18:14 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 18:14 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 18:14 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 18:14 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 18:14 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 18:14 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 18:14 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 18:14 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 18:14 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 18:14 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 18:14 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 18:14 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 18:14 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 18:14 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 18:14 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 18:14 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 18:14 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 18:14 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 18:14 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 18:14 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 18:14 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 18:14 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 18:14 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 18:14 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 18:14 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 18:14 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 18:14 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 18:14 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 18:14 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 18:14 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 18:14 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 18:14 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 18:14 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 18:14 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 18:14 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 18:14 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 18:14 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 18:14 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 18:14 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 18:14 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 18:14 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 18:14 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 18:14 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-11 18:14 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-11 18:14 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-11 18:14 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-11 18:14 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-11 18:14 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-11 18:14 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-11 18:14 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-11 18:14 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-07 18:59 - 2015-03-29 14:22 - 00000000 ____D () C:\Users\Kristina\Documents\Outlook-Dateien
2015-03-05 20:01 - 2015-03-05 20:01 - 00001111 _____ () C:\Users\Kristina\Desktop\FreeCommander XE.lnk
2015-03-05 20:01 - 2015-03-05 20:01 - 00000000 ____D () C:\Users\Kristina\AppData\Local\FreeCommanderXE
2015-03-05 20:01 - 2015-03-05 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE
2015-03-05 20:01 - 2015-03-05 20:01 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2015-03-04 18:52 - 2015-03-27 11:31 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Nitro PDF
2015-03-02 21:13 - 2015-03-02 21:13 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\vlc
2015-03-02 21:06 - 2015-03-02 21:06 - 00000958 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-02 21:06 - 2015-03-02 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-02 21:06 - 2015-03-02 21:06 - 00000000 ____D () C:\Program Files (x86)\vlc
2015-03-02 20:53 - 2015-03-22 20:36 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-03-02 20:53 - 2015-03-02 20:53 - 00000000 ____D () C:\Users\Kristina\AppData\Local\SearchProtect
2015-03-02 20:52 - 2015-03-02 20:52 - 00000835 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2015-03-02 20:52 - 2015-03-02 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-03-02 20:52 - 2015-03-02 20:52 - 00000000 ____D () C:\Program Files\PowerISO
2015-03-02 20:52 - 2014-10-08 15:13 - 00127760 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2015-03-02 18:31 - 2015-03-02 18:31 - 00000000 __SHD () C:\Users\Kristina\AppData\Local\EmieBrowserModeList
2015-03-02 17:07 - 2015-03-29 10:49 - 00000000 ____D () C:\ProgramData\Apple
2015-03-02 17:07 - 2015-03-02 17:07 - 00001180 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\com.wd.WDMyCloud
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Western Digital
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-03-02 10:22 - 2015-03-15 13:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-02 10:22 - 2015-03-15 13:15 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-02 10:20 - 2015-03-02 10:20 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-02 10:20 - 2015-03-02 10:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-02 00:09 - 2015-03-19 18:22 - 00000000 ____D () C:\Programme_Schule
2015-03-01 17:47 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-03-01 17:47 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-03-01 17:47 - 2014-09-22 06:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-03-01 17:47 - 2014-09-19 02:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-03-01 17:46 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-01 17:46 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 17:46 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-01 17:46 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-03-01 17:46 - 2014-09-27 09:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 17:46 - 2014-09-27 07:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-03-01 17:46 - 2014-09-27 05:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 17:45 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 17:45 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 17:45 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-01 17:45 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-01 17:45 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 17:45 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 17:45 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 17:45 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-03-01 17:45 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-03-01 17:45 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-01 17:45 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-01 17:45 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-01 17:45 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 17:45 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-01 17:45 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-01 17:45 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-01 17:45 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-01 17:45 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-01 17:44 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 17:44 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-01 17:44 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 17:44 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-01 17:44 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-01 17:44 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 17:44 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 17:44 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-03-01 17:44 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-03-01 17:44 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-03-01 17:44 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-03-01 17:44 - 2014-10-13 04:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-01 17:44 - 2014-10-11 02:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-01 17:44 - 2014-10-11 02:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-03-01 17:44 - 2014-10-08 09:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-01 17:44 - 2014-10-08 09:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-01 17:44 - 2014-10-08 08:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-03-01 17:44 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 17:44 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2015-03-01 17:44 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 17:44 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 17:44 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 17:44 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 17:44 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2015-03-01 17:39 - 2014-08-23 07:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 17:39 - 2014-08-23 07:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-03-01 17:39 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-01 17:39 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 17:37 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 17:37 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 17:37 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2015-03-01 17:35 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 17:35 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 17:35 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-01 17:35 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-01 17:35 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 17:35 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-01 17:35 - 2014-10-31 07:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 17:35 - 2014-10-31 07:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 17:35 - 2014-10-31 07:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 17:35 - 2014-10-31 07:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 17:35 - 2014-10-31 07:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 17:35 - 2014-10-31 07:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 17:35 - 2014-10-31 07:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 17:35 - 2014-10-31 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 17:35 - 2014-10-31 06:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 17:35 - 2014-10-31 06:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 17:35 - 2014-10-31 06:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 17:35 - 2014-10-31 06:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 17:35 - 2014-10-31 06:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 17:35 - 2014-10-31 06:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 17:35 - 2014-10-31 06:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 17:35 - 2014-10-31 06:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 17:35 - 2014-10-31 06:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 17:35 - 2014-10-31 06:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 17:35 - 2014-10-31 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 17:35 - 2014-10-31 06:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 17:35 - 2014-10-31 06:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 17:35 - 2014-10-31 06:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 17:35 - 2014-10-31 06:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 17:35 - 2014-10-31 05:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 17:35 - 2014-10-31 05:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2015-03-01 17:35 - 2014-10-31 05:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2015-03-01 17:35 - 2014-10-31 05:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2015-03-01 17:35 - 2014-10-31 05:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2015-03-01 17:35 - 2014-10-31 05:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2015-03-01 17:35 - 2014-10-31 05:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2015-03-01 17:35 - 2014-10-31 05:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-03-01 17:35 - 2014-10-31 05:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2015-03-01 17:35 - 2014-10-31 05:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-03-01 17:35 - 2014-10-31 05:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-03-01 17:35 - 2014-10-31 05:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2015-03-01 17:35 - 2014-10-31 05:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-03-01 17:35 - 2014-10-31 05:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2015-03-01 17:35 - 2014-10-31 05:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2015-03-01 17:35 - 2014-10-31 05:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-03-01 17:35 - 2014-10-31 05:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2015-03-01 17:35 - 2014-10-31 04:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-01 17:35 - 2014-10-31 04:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2015-03-01 17:35 - 2014-10-31 04:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-03-01 17:35 - 2014-10-31 04:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-03-01 17:35 - 2014-10-31 04:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-03-01 17:35 - 2014-10-31 04:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2015-03-01 17:35 - 2014-10-31 04:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2015-03-01 17:35 - 2014-10-31 04:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-03-01 17:35 - 2014-10-31 04:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2015-03-01 17:35 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 17:35 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-03-01 17:35 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 17:34 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 17:34 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-01 17:34 - 2014-11-10 01:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 17:34 - 2014-11-10 01:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-01 17:33 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 17:33 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 17:33 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2015-03-01 17:33 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-03-01 17:33 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 17:33 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 17:33 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 17:33 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 17:33 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 17:33 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2015-03-01 17:33 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 17:33 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 17:33 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 17:33 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 17:33 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 17:33 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 17:33 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 17:33 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 17:33 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2015-03-01 17:33 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 17:33 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-03-01 17:33 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-03-01 17:33 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 17:33 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-03-01 17:32 - 2014-10-23 07:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 17:32 - 2014-10-23 07:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-03-01 17:32 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 17:32 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 17:32 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 17:32 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 17:32 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-03-01 17:32 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 17:32 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 17:32 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-03-01 17:32 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 17:32 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 17:32 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2015-03-01 17:32 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-03-01 17:32 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 17:32 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-03-01 17:32 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 17:32 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-03-01 17:32 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 17:32 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 17:32 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-03-01 17:30 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 17:30 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 17:30 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 17:30 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-03-01 17:30 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-03-01 17:30 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 17:29 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 17:29 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-01 17:29 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 17:29 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-01 17:29 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-01 17:29 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 17:29 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 17:29 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 17:29 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 17:29 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 17:29 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 17:29 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-03-01 17:29 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-03-01 17:29 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-03-01 17:29 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-03-01 17:29 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-03-01 17:29 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 17:29 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-03-01 17:29 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 17:29 - 2014-10-13 04:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-03-01 17:29 - 2014-10-13 04:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-03-01 17:29 - 2014-10-13 04:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-03-01 17:29 - 2014-10-13 04:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-03-01 17:29 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 13:56 - 2015-03-01 13:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Adobe
2015-02-28 23:12 - 2015-02-28 23:12 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-28 23:11 - 2015-03-01 13:57 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-28 23:11 - 2015-02-28 23:11 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-28 22:39 - 2015-03-03 17:36 - 00102912 ___SH () C:\Users\Kristina\Downloads\Thumbs.db
2015-02-28 22:35 - 2015-03-28 13:00 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-28 22:35 - 2015-03-28 13:00 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-28 22:35 - 2015-02-28 22:35 - 00002778 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-28 22:35 - 2015-02-28 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-28 22:27 - 2015-02-28 22:27 - 00001030 _____ () C:\Users\Public\Desktop\ClipGrab.lnk
2015-02-28 22:27 - 2015-02-28 22:27 - 00000000 ____D () C:\Users\Kristina\AppData\Local\CyberLink
2015-02-28 22:27 - 2015-02-28 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2015-02-28 22:26 - 2015-02-28 22:27 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2015-02-28 18:35 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-02-28 18:20 - 2015-02-28 18:21 - 00101376 _____ () C:\Users\Kristina\paukerplaner-daten.ppdb
2015-02-28 18:20 - 2015-02-28 18:21 - 00000000 _____ () C:\Users\Kristina\paukerplaner-daten.ppdb-journal
2015-02-28 17:40 - 2015-02-28 17:40 - 00001078 _____ () C:\Users\Public\Desktop\PaukerPlaner.lnk
2015-02-28 17:40 - 2015-02-28 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaukerPlaner
2015-02-28 17:00 - 2015-02-28 17:40 - 00000000 ____D () C:\Program Files (x86)\Paukerplaner
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Programme
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-02-28 02:35 - 2015-02-28 02:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-02-27 22:05 - 2015-03-23 09:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-27 22:05 - 2015-02-27 22:06 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Mozilla
2015-02-27 22:05 - 2015-02-27 22:06 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Mozilla
2015-02-27 22:05 - 2015-02-27 22:05 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-27 22:05 - 2015-02-27 22:05 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-27 21:58 - 2015-03-24 16:11 - 00000000 ____D () C:\Users\Kristina\Documents\Schule
2015-02-27 21:50 - 2015-02-27 21:50 - 00000000 ____D () C:\Users\Public\Pokki
2015-02-27 21:49 - 2015-02-28 16:26 - 00002339 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-27 21:37 - 2015-02-27 21:37 - 00000000 __SHD () C:\Users\Kristina\AppData\Local\EmieUserList
2015-02-27 21:37 - 2015-02-27 21:37 - 00000000 __SHD () C:\Users\Kristina\AppData\Local\EmieSiteList
2015-02-27 20:23 - 2015-03-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-02-27 20:23 - 2015-03-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-27 20:23 - 2015-02-27 20:23 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-02-27 20:23 - 2015-02-27 20:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-02-27 20:23 - 2015-02-27 20:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-02-27 20:23 - 2015-02-27 20:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-27 20:22 - 2015-02-27 20:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-27 20:21 - 2015-02-27 20:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-27 20:19 - 2015-02-27 20:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-27 20:18 - 2015-03-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-27 20:18 - 2015-02-27 20:18 - 00000000 __RHD () C:\MSOCache
2015-02-27 20:18 - 2015-02-27 20:18 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Microsoft Help
2015-02-27 20:18 - 2015-02-27 20:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-27 20:14 - 2015-02-27 20:14 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Nitro
2015-02-27 20:03 - 2015-03-29 14:37 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3852607773-491357534-3998752114-1001
2015-02-27 20:01 - 2015-03-29 14:21 - 00000000 ___RD () C:\Users\Kristina\OneDrive
2015-02-27 20:01 - 2015-02-27 20:47 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Lenovo
2015-02-27 19:59 - 2015-02-27 19:59 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Macromedia
2015-02-27 19:59 - 2015-02-27 19:59 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Intel Corporation
2015-02-27 19:58 - 2015-02-27 19:58 - 00000000 ____D () C:\Users\Kristina\AppData\Local\PackageStaging
2015-02-27 19:57 - 2015-03-29 14:22 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Pokki
2015-02-27 19:57 - 2015-03-29 11:21 - 00000000 ____D () C:\Users\Kristina
2015-02-27 19:57 - 2015-03-12 08:45 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Adobe
2015-02-27 19:57 - 2015-03-10 09:13 - 00000000 ____D () C:\Users\Kristina\AppData\Local\VirtualStore
2015-02-27 19:57 - 2015-03-02 21:13 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Packages
2015-02-27 19:57 - 2015-02-27 19:57 - 00001461 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-27 19:57 - 2015-02-27 19:57 - 00000180 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-02-27 19:57 - 2015-02-27 19:57 - 00000020 ___SH () C:\Users\Kristina\ntuser.ini
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Vorlagen
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Startmenü
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Netzwerkumgebung
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Lokale Einstellungen
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Eigene Dateien
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Druckumgebung
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Documents\Eigene Musik
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Documents\Eigene Bilder
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\AppData\Local\Verlauf
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\AppData\Local\Anwendungsdaten
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 _SHDL () C:\Users\Kristina\Anwendungsdaten
2015-02-27 19:57 - 2015-02-27 19:57 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Intel
2015-02-27 19:57 - 2014-11-28 22:14 - 00000000 ___RD () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-27 19:57 - 2014-08-23 23:39 - 00000000 ___RD () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-27 19:57 - 2014-03-18 11:55 - 00000369 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-27 19:57 - 2014-03-18 11:55 - 00000369 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-27 19:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-27 19:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-29 14:22 - 2014-11-29 07:05 - 00770130 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-29 14:22 - 2014-11-29 07:05 - 00160912 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-29 14:22 - 2014-03-18 11:53 - 01789004 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-29 14:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-29 10:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-28 20:14 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-28 20:14 - 2014-03-18 11:38 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-28 20:11 - 2013-08-22 15:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-28 10:51 - 2014-11-28 22:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-03-27 17:28 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-22 12:07 - 2014-11-28 22:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-22 11:44 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-16 16:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-16 08:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-16 08:53 - 2014-11-28 22:44 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-16 08:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-16 08:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-15 13:18 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 18:49 - 2013-08-22 16:44 - 00491696 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-07 21:39 - 2014-11-28 22:16 - 01809786 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-03-04 23:24 - 2013-08-22 17:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2013-08-22 17:38 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-02 17:11 - 2014-11-28 22:39 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-03-02 12:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-02 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-02 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-02 10:20 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-01 23:05 - 2014-11-28 22:44 - 00010928 _____ () C:\WINDOWS\SysWOW64\VisualDiscovery.ini
2015-03-01 23:05 - 2014-11-28 22:44 - 00005432 _____ () C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini
2015-03-01 23:05 - 2014-11-28 22:44 - 00005432 _____ () C:\WINDOWS\system32\VisualDiscoveryOff.ini
2015-02-28 22:35 - 2014-04-03 21:15 - 00000000 ____D () C:\WINDOWS\Panther
2015-02-28 22:27 - 2014-11-28 22:44 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-28 18:34 - 2014-11-28 22:41 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-28 18:34 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-28 18:33 - 2014-11-28 22:41 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-28 02:35 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-02-28 02:35 - 2013-08-22 15:36 - 00000000 ___HD () C:\Users\Default
2015-02-27 21:54 - 2014-11-28 22:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-27 20:47 - 2014-11-28 22:39 - 00000000 ____D () C:\ProgramData\Lenovo
2015-02-27 20:01 - 2014-11-28 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo

==================== Files in the root of some directories =======

2014-11-28 22:17 - 2014-11-28 22:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-22 21:07

==================== End Of Log ============================
--- --- ---


Hier die nächsten txt-Dateien

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kristina at 2015-03-29 11:26:19
Running from C:\Users\Kristina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Chemie_Aber_Sicher Version 1.0 (HKLM-x32\...\{0A64BFD0-0511-4C67-A3BF-D4C0C1055255}_is1) (Version: 1.0 - Marco Korn)
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Host App Service (HKU\S-1-5-21-3852607773-491357534-3998752114-1001\...\Pokki) (Version: 0.269.7.573 - Pokki)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{C23B292D-2656-4A05-97D5-41FDC040158C}) (Version: 3.0.1342.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.10181 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Yoga 2 Demo (HKLM-x32\...\{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}) (Version: 1.0.7 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
PaukerPlaner (HKLM-x32\...\PaukerPlaner) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.22.0.160 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Start Menu (HKU\S-1-5-21-3852607773-491357534-3998752114-1001\...\Pokki_Start_Menu) (Version: 0.269.7.573 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.71 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3852607773-491357534-3998752114-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

11-03-2015 18:43:20 Windows Update
15-03-2015 13:15:14 Windows Update
24-03-2015 09:56:31 Geplanter Prüfpunkt
27-03-2015 08:51:53 McAfee  Vulnerability Scanner
28-03-2015 20:10:12 Configured Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18EA04DE-3A3B-42AD-957A-B9C0F439D541} - System32\Tasks\avaavxvyex => C:\Users\Kristina\AppData\Local\avaavxvyex\avaavxvyex.exe <==== ATTENTION
Task: {2AF05064-8840-4A0A-9318-CDDC22CA2480} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {41512FFE-A746-4AC7-A830-CE9832AED33C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5E9A2D73-A3A4-4327-90F4-95599835CA33} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
Task: {5F6D39E9-0920-4933-B0D5-9058A2F0444A} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-02-27] (Lenovo)
Task: {9163C5F5-2846-46A6-8232-33FC04000E4F} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {93AC16D4-9A54-49F7-95AE-9E01CD65A848} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C164E46B-EE09-485F-B1C4-5A92A3091BF5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {C9570770-1D70-464B-8E58-68BE3FA8335B} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-11-28] (Lenovo)
Task: {CA03E1CE-944D-4C07-838D-A023A9C2C904} - System32\Tasks\Lenovo\StartLenovoMessenger => C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe [2014-11-21] ()
Task: {F5109302-0D2C-4CD0-8E27-46C705554F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

==================== Loaded Modules (whitelisted) ==============

2014-11-28 22:43 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-11-28 22:44 - 2014-11-28 22:44 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-11-28 22:44 - 2014-11-28 22:44 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-11-28 22:44 - 2014-11-28 22:44 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-11-28 22:41 - 2014-01-06 16:14 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2014-11-28 22:40 - 2014-07-09 18:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2014-11-28 22:43 - 2014-11-28 22:43 - 00815104 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-28 22:40 - 2014-07-09 18:19 - 00397296 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2014-11-28 22:44 - 2014-11-28 22:44 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-11-28 22:44 - 2014-11-28 22:44 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-11-28 22:41 - 2014-01-06 15:58 - 00044016 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Util.dll
2015-03-08 18:11 - 2015-03-08 18:11 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-03-08 18:11 - 2015-03-08 18:11 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-03-08 18:11 - 2015-03-08 18:11 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-24 17:39 - 2014-02-24 17:39 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-11-28 22:15 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-28 22:44 - 2014-11-28 22:44 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-11-28 22:44 - 2014-11-28 22:44 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-11-28 22:44 - 2014-11-28 22:44 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Kristina\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3852607773-491357534-3998752114-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\Pictures\tiger.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3852607773-491357534-3998752114-500 - Administrator - Disabled)
Gast (S-1-5-21-3852607773-491357534-3998752114-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3852607773-491357534-3998752114-1003 - Limited - Enabled)
Kristina (S-1-5-21-3852607773-491357534-3998752114-1001 - Administrator - Enabled) => C:\Users\Kristina

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 10:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iTunes.exe, Version: 12.1.1.4, Zeitstempel: 0x54de1991
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000001438bae2de0
ID des fehlerhaften Prozesses: 0x23d0
Startzeit der fehlerhaften Anwendung: 0xiTunes.exe0
Pfad der fehlerhaften Anwendung: iTunes.exe1
Pfad des fehlerhaften Moduls: iTunes.exe2
Berichtskennung: iTunes.exe3
Vollständiger Name des fehlerhaften Pakets: iTunes.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iTunes.exe5

Error: (03/28/2015 09:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7143.5000, Zeitstempel: 0x54b56e39
Name des fehlerhaften Moduls: pstprx32.dll, Version: 14.0.7140.5000, Zeitstempel: 0x5461a082
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00028ab9
ID des fehlerhaften Prozesses: 0xbd4
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Vollständiger Name des fehlerhaften Pakets: OUTLOOK.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OUTLOOK.EXE5

Error: (03/28/2015 09:56:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7143.5000, Zeitstempel: 0x54b56e39
Name des fehlerhaften Moduls: pstprx32.dll, Version: 14.0.7140.5000, Zeitstempel: 0x5461a082
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00028ab9
ID des fehlerhaften Prozesses: 0x216c
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Vollständiger Name des fehlerhaften Pakets: OUTLOOK.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OUTLOOK.EXE5

Error: (03/28/2015 09:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7143.5000, Zeitstempel: 0x54b56e39
Name des fehlerhaften Moduls: pstprx32.dll, Version: 14.0.7140.5000, Zeitstempel: 0x5461a082
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00028ab9
ID des fehlerhaften Prozesses: 0x2368
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Vollständiger Name des fehlerhaften Pakets: OUTLOOK.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OUTLOOK.EXE5

Error: (03/28/2015 08:10:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service VisualDiscovery since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/27/2015 10:13:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1406

Error: (03/27/2015 10:13:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1406

Error: (03/27/2015 10:13:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/26/2015 06:59:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (03/26/2015 06:59:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250


System errors:
=============
Error: (03/27/2015 05:33:50 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/27/2015 05:28:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VisualDiscovery" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/27/2015 05:28:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎27.‎03.‎2015 um 15:28:33 unerwartet heruntergefahren.

Error: (03/27/2015 08:51:24 AM) (Source: DCOM) (EventID: 10016) (User: TOGO)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToGoKristinaS-1-5-21-3852607773-491357534-3998752114-1001LocalHost (unter Verwendung von LRPC)Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweS-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953

Error: (03/27/2015 08:51:24 AM) (Source: DCOM) (EventID: 10016) (User: TOGO)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToGoKristinaS-1-5-21-3852607773-491357534-3998752114-1001LocalHost (unter Verwendung von LRPC)Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweS-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953

Error: (03/27/2015 08:51:24 AM) (Source: DCOM) (EventID: 10016) (User: TOGO)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToGoKristinaS-1-5-21-3852607773-491357534-3998752114-1001LocalHost (unter Verwendung von LRPC)Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweS-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953

Error: (03/27/2015 08:51:24 AM) (Source: DCOM) (EventID: 10016) (User: TOGO)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToGoKristinaS-1-5-21-3852607773-491357534-3998752114-1001LocalHost (unter Verwendung von LRPC)Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweS-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953

Error: (03/27/2015 08:51:24 AM) (Source: DCOM) (EventID: 10016) (User: TOGO)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToGoKristinaS-1-5-21-3852607773-491357534-3998752114-1001LocalHost (unter Verwendung von LRPC)Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweS-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953

Error: (03/27/2015 08:51:24 AM) (Source: DCOM) (EventID: 10016) (User: TOGO)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToGoKristinaS-1-5-21-3852607773-491357534-3998752114-1001LocalHost (unter Verwendung von LRPC)Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweS-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953

Error: (03/27/2015 08:51:24 AM) (Source: DCOM) (EventID: 10016) (User: TOGO)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToGoKristinaS-1-5-21-3852607773-491357534-3998752114-1001LocalHost (unter Verwendung von LRPC)Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweS-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953


Microsoft Office Sessions:
=========================
Error: (03/29/2015 10:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.1.1.454de1991unknown0.0.0.000000000c0000005000001438bae2de023d001d069fd8fc3e75bC:\Program Files\iTunes\iTunes.exeunknownf88310af-d5f0-11e4-8282-e8b1fcab1007

Error: (03/28/2015 09:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.7143.500054b56e39pstprx32.dll14.0.7140.50005461a082c000000500028ab9bd401d0699153e09e1eC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office14\pstprx32.dll92ac44fd-d584-11e4-8282-e8b1fcab1007

Error: (03/28/2015 09:56:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.7143.500054b56e39pstprx32.dll14.0.7140.50005461a082c000000500028ab9216c01d06991356d3782C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office14\pstprx32.dll74e28995-d584-11e4-8282-e8b1fcab1007

Error: (03/28/2015 09:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.7143.500054b56e39pstprx32.dll14.0.7140.50005461a082c000000500028ab9236801d0699106b3f83aC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office14\pstprx32.dll4597faf2-d584-11e4-8282-e8b1fcab1007

Error: (03/28/2015 08:10:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service VisualDiscovery since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/27/2015 10:13:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1406

Error: (03/27/2015 10:13:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1406

Error: (03/27/2015 10:13:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/26/2015 06:59:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (03/26/2015 06:59:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 30%
Total physical RAM: 8112.96 MB
Available physical RAM: 5610.77 MB
Total Pagefile: 9392.96 MB
Available Pagefile: 5953.38 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:197.84 GB) (Free:136.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: D3D5D735)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

kmuench 29.03.2015 14:19
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-29 14:39:23
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 LITEONIT_LGT-256M6G rev.DG86201 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Kristina\AppData\Local\Temp\uxtdipog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1544] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                      00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1544] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                      00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1544] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                        00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1544] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                        00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1544] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                            00007ffa46141f6a 4 bytes [14, 46, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1544] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                            00007ffa46141f82 4 bytes [14, 46, FA, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1836] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1836] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1836] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                                                                    00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1836] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                                                                    00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                  00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                  00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                    00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                    00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2300] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                          00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2300] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                          00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2300] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                              00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2300] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                              00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2404] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                        00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2404] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                        00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2404] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                          00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2404] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                          00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                          00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                          00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                              00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                              00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3144] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                        00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3144] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                        00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3144] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                            00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3144] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                            00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3084] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                00007ffa46141f6a 4 bytes [14, 46, FA, 7F]
.text    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3084] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                00007ffa46141f82 4 bytes [14, 46, FA, 7F]
.text    C:\WINDOWS\Explorer.EXE[6012] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                        00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\Explorer.EXE[6012] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                        00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\Explorer.EXE[6012] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                            00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\WINDOWS\Explorer.EXE[6012] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                            00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7060] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                      00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7060] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                      00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7060] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                          00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7060] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                          00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5296] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                  00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5296] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                  00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5296] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                      00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5296] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                      00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2628] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2628] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2628] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                  00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2628] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                  00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\iTunes\iTunesHelper.exe[4628] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                              00007ffa46141f6a 4 bytes [14, 46, FA, 7F]
.text    C:\Program Files\iTunes\iTunesHelper.exe[4628] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                              00007ffa46141f82 4 bytes [14, 46, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[5116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                  00007ffa4f8d169a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[5116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                  00007ffa4f8d16a2 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[5116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                      00007ffa4f8d181a 4 bytes [8D, 4F, FA, 7F]
.text    C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[5116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                      00007ffa4f8d1832 4 bytes [8D, 4F, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [5032:6620]                                                                                                                                    fffff96000988b90
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\LenovoTransition\Server\x64\Windows7.SensorAndLocation.dll (*** suspicious ***) @ C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [2220] (FILE NOT FOUND)  000000c1f9aa0000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---


Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.03.2015
Suchlauf-Zeit: 10:55:15
Logdatei: suchlauf.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.29.03
Rootkit Datenbank: v2015.03.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Kristina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363784
Verstrichene Zeit: 7 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, 4208, , [2e192823f7933cfa3298e5d44db4d030]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 6
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, , [2e192823f7933cfa3298e5d44db4d030],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3852607773-491357534-3998752114-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [f94e9bb0f793da5ca2432506c53edb25],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [9fa880cbe5a5ca6c20dfc08201047888],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, , [02454efd3357c274a448a0461ae9d927],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, , [1e29bf8c1377d066890a1ac642c1748c],

Registrierungswerte: 4
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, , [02454efd3357c274a448a0461ae9d927]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\WINDOWS\system32\drivers\SPPD.sys, , [1e29bf8c1377d066890a1ac642c1748c]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3852607773-491357534-3998752114-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=ME1446586-EA9A-48E7-AFA7-5A46E98FB637&SearchSource=58&CUI=&UM=8&UP=SP37B1D47F-64B6-4F94-9C27-280E242A1A11&q={searchTerms}&SSPV=, , [9bac0546cbbf5adc5737a0ae45c01de3]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3852607773-491357534-3998752114-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, , [aa9dae9d3c4e78be335bca84e61fe818]

Registrierungsdaten: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),,[95b21833fa90082e7c4ec8f14bb6b749]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll),,[8cbbc5863b4fa690bb0fc9f08081c13f]

Ordner: 25
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\SearchProtect, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\SearchProtect\rep, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\SearchProtect\STG, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\UI, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\UI\rep, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex, , [b4933d0e9feb68cee9a3a60b798af709],

Dateien: 106
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, , [2e192823f7933cfa3298e5d44db4d030],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, , [bd8aa8a32a6095a17d4df7c239c8ed13],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, , [22250d3e9af020168743e1d85ba67987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, , [95b21833fa90082e7c4ec8f14bb6b749],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, , [8cbbc5863b4fa690bb0fc9f08081c13f],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\pbqrmvbub, , [80c7a0ab26647fb755753386d829ce32],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, , [9fa8a3a8503af343e5e5b00959a8758b],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\nbin\VC32Loader.dll, , [f0572a211377ed493892f2c7bc45ff01],
PUP.Optional.VisualDiscovery.A, C:\Windows\System32\VisualDiscoveryOff.ini, , [cc7b63e8fd8dbb7b787c2e87c340b64a],
PUP.Optional.VisualDiscovery.A, C:\Windows\SysWOW64\VisualDiscoveryOff.ini, , [2b1c4dfe45459b9b84707144e51e8080],
PUP.Optional.VisualDiscovery.A, C:\Windows\SysWOW64\VisualDiscovery.ini, , [ef58d7743c4edc5a1cd9199ca261837d],
PUP.Optional.Trovi.A, C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\2rdgd1bv.default\searchplugins\trovi.xml, , [3c0bd378e6a4cc6a705f6553f60dc43c],
PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avaavxvyex, , [96b14a01b3d7a78f8a02f2cbac57e21e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\CRASH_REPORT_P1428_T392_D2015_03_02_T19_54_51.txt, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1427049411243, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, , [1b2c99b23258979f1f357cad996c7987],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [bd8aa7a461297eb8ba49d46f986d758b],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [7ec995b6fe8cd066ec35b6d82fd46799],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\bahvxfk, , [b4933d0e9feb68cee9a3a60b798af709],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\mkfvxfk, , [b4933d0e9feb68cee9a3a60b798af709],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\pvpqbjobmlpfqlovvawq, , [b4933d0e9feb68cee9a3a60b798af709],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\qokvxfk, , [b4933d0e9feb68cee9a3a60b798af709],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\rfobmlpfqlovvawq, , [b4933d0e9feb68cee9a3a60b798af709],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\rpboobmlpfqlovvawq, , [b4933d0e9feb68cee9a3a60b798af709],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\avaavxvyex\ycfvxfk, , [b4933d0e9feb68cee9a3a60b798af709],
PUP.Optional.Trovi.A, C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\2rdgd1bv.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=ME1446586-EA9A-48E7-AFA7-5A46E98FB637&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP37B1D47F-64B6-4F94-9C27-280E242A1A11");), ,[53f4a8a31f6b53e3e97e77c08c7a5ca4]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Der Virenscan liefert keine Befunde!

schrauber 29.03.2015 15:25
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Search Protect


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




MBAM updaten, scannen, Funde löschen lassen.



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

kmuench 29.03.2015 16:16
Hier die Log Files
 
AdwCleaner Logfile:
Code:
# AdwCleaner v4.113 - Bericht erstellt 29/03/2015 um 16:59:14
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-28.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Kristina - TOGO
# Gestarted von : C:\Users\Kristina\Desktop\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\VisualDiscovery
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

-\\ Mozilla Firefox v36.0.4 (x86 de)

[2rdgd1bv.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Trovi");
[2rdgd1bv.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Trovi");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3385 Bytes] - [29/03/2015 16:55:45]
AdwCleaner[S0].txt - [3176 Bytes] - [29/03/2015 16:59:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3235  Bytes] ##########
--- --- ---

[/CODE]

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.03.2015
Suchlauf-Zeit: 16:45:02
Logdatei: Malewarebytes.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.29.05
Rootkit Datenbank: v2015.03.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Kristina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363837
Verstrichene Zeit: 6 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3852607773-491357534-3998752114-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [034677d4a3e7e254162363c94eb50ff1],

Registrierungswerte: 2
PUP.Optional.Trovi.A, HKU\S-1-5-21-3852607773-491357534-3998752114-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=ME1446586-EA9A-48E7-AFA7-5A46E98FB637&SearchSource=58&CUI=&UM=8&UP=SP37B1D47F-64B6-4F94-9C27-280E242A1A11&q={searchTerms}&SSPV=, , [94b51a31ee9c74c224b8222bc54037c9]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3852607773-491357534-3998752114-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, , [e366ef5c8a00ad89d606252891748f71]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 6
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\Temp\nss24B2.tmp\SPtool.dll, , [3514f15a4c3efc3a5381fabfc33e9b65],
PUP.Optional.SearchProtect.A, C:\Users\Kristina\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [c881c6859bef89ad25afdedb8c755aa6],
PUP.Optional.VisualDiscovery.A, C:\Windows\System32\VisualDiscoveryOff.ini, , [df6ac388e1a9e6507ce6833320e319e7],
PUP.Optional.VisualDiscovery.A, C:\Windows\SysWOW64\VisualDiscoveryOff.ini, , [3910a7a4236774c29cc6694dc53e47b9],
PUP.Optional.VisualDiscovery.A, C:\Windows\SysWOW64\VisualDiscovery.ini, , [b594b69589013402f96acee81ee5db25],
PUP.Optional.Trovi.A, C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\2rdgd1bv.default\searchplugins\trovi.xml, , [a4a58ebd8802a88e1d0910a9ce35f709],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 8.1 x64
Ran by Kristina on 29.03.2015 at 17:02:09,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2015 at 17:05:29,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---

schrauber 30.03.2015 05:12

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

kmuench 31.03.2015 10:56
ESET Log File
 
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=27a3ae5c30435c48aa2b00e3de3d0bd9
# engine=23166
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-31 09:44:54
# local_time=2015-03-31 11:44:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 2257740 55039380 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1306323 18982064 0 0
# scanned=228471
# found=0
# cleaned=0
# scan_time=1785
Hier die Security Check Log Datei

Code:
Results of screen317's Security Check version 0.99.97 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender                   
McAfee Anti-Virus und Anti-Spyware 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31 
 Adobe Reader XI 
 Mozilla Firefox (36.0.4)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Und hier die FRST Log Datei


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kristina (administrator) on TOGO on 31-03-2015 11:54:03
Running from C:\Users\Kristina\Downloads
Loaded Profiles: Kristina (Available profiles: Kristina)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
() C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Kristina\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-19] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-11-28] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-11-28] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-11-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-11-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\...\RunOnce: [Adobe Speed Launcher] => 1427795251

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3852607773-491357534-3998752114-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\2rdgd1bv.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\vlc\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-28]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-28]
CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-28]
CHR Extension: (Google Search) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-28]
CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-11-28] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-11-28] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-11-28] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-11-28] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-11-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-11-28] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-19] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 11:54 - 2015-03-31 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-31 11:53 - 2015-03-31 11:53 - 02095616 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64(1).exe
2015-03-31 11:49 - 2015-03-31 11:49 - 00852604 _____ () C:\Users\Kristina\Downloads\SecurityCheck.exe
2015-03-31 11:11 - 2015-03-31 11:11 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2015-03-31 11:11 - 2015-03-31 11:11 - 00000000 ____D () C:\WINDOWS\WindowsMobile
2015-03-31 11:09 - 2015-03-31 11:10 - 13054856 _____ (Microsoft Corporation) C:\Users\Kristina\Downloads\drvupdate-amd64.exe
2015-03-31 11:03 - 2015-03-31 11:44 - 00000802 _____ () C:\Users\Kristina\Desktop\ESET.txt
2015-03-31 09:47 - 2015-03-31 09:47 - 02347384 _____ (ESET) C:\Users\Kristina\Downloads\esetsmartinstaller_deu.exe
2015-03-31 09:41 - 2015-03-31 09:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kristina\Downloads\revosetup95.exe
2015-03-29 23:15 - 2015-03-29 23:15 - 00000000 ____D () C:\Users\Kristina\krissi79@web.de
2015-03-29 22:27 - 2015-03-29 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-03-29 22:27 - 2015-03-29 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-29 22:26 - 2015-03-29 22:26 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-03-29 22:26 - 2015-03-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-03-29 22:26 - 2015-03-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-03-29 22:26 - 2015-03-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-29 22:24 - 2015-03-29 22:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-03-29 22:23 - 2015-03-29 22:23 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-29 22:23 - 2015-03-29 22:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-29 22:22 - 2015-03-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-29 22:22 - 2015-03-29 22:22 - 00000000 __RHD () C:\MSOCache
2015-03-29 22:19 - 2015-03-31 11:47 - 00000472 _____ () C:\WINDOWS\setupact.log
2015-03-29 22:19 - 2015-03-31 11:46 - 00010030 _____ () C:\WINDOWS\PFRO.log
2015-03-29 22:19 - 2015-03-29 22:19 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-29 17:05 - 2015-03-29 17:05 - 00000617 _____ () C:\Users\Kristina\Desktop\JRT.txt
2015-03-29 16:55 - 2015-03-29 16:59 - 00000000 ____D () C:\AdwCleaner
2015-03-29 16:41 - 2015-03-29 16:41 - 00001291 _____ () C:\Users\Kristina\Desktop\Revo Uninstaller.lnk
2015-03-29 16:41 - 2015-03-29 16:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-29 16:36 - 2015-03-29 16:36 - 02168320 _____ () C:\Users\Kristina\Desktop\AdwCleaner_4.113.exe
2015-03-29 16:36 - 2015-03-29 16:36 - 01389240 _____ (Thisisu) C:\Users\Kristina\Desktop\JRT.exe
2015-03-29 16:35 - 2015-03-29 16:35 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kristina\Desktop\revosetup95.exe
2015-03-29 14:58 - 2015-03-29 17:18 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-29 14:39 - 2015-03-29 14:39 - 00013194 _____ () C:\Users\Kristina\Desktop\Gmer.txt
2015-03-29 14:24 - 2015-03-29 14:24 - 00380416 _____ () C:\Users\Kristina\Downloads\Gmer-19357.exe
2015-03-29 11:26 - 2015-03-29 11:27 - 00029833 _____ () C:\Users\Kristina\Downloads\Addition.txt
2015-03-29 11:25 - 2015-03-31 11:54 - 00021548 _____ () C:\Users\Kristina\Downloads\FRST.txt
2015-03-29 11:25 - 2015-03-31 11:54 - 00000000 ____D () C:\FRST
2015-03-29 11:24 - 2015-03-29 11:24 - 02095616 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe
2015-03-29 11:21 - 2015-03-29 11:21 - 00050477 _____ () C:\Users\Kristina\Downloads\Defogger.exe
2015-03-29 11:21 - 2015-03-29 11:21 - 00000478 _____ () C:\Users\Kristina\Downloads\defogger_disable.log
2015-03-29 11:21 - 2015-03-29 11:21 - 00000000 _____ () C:\Users\Kristina\defogger_reenable
2015-03-29 11:05 - 2015-03-29 16:51 - 00002702 _____ () C:\Users\Kristina\Desktop\Malewarebytes.txt
2015-03-29 10:54 - 2015-03-29 16:44 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 10:54 - 2015-03-29 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 10:54 - 2015-03-29 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 10:54 - 2015-03-29 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 10:54 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-29 10:54 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-29 10:54 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-29 10:53 - 2015-03-29 10:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kristina\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-29 10:51 - 2015-03-29 10:51 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-29 10:51 - 2015-03-29 10:51 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Apple Computer
2015-03-29 10:51 - 2015-03-29 10:51 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apple Computer
2015-03-29 10:51 - 2015-03-29 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-29 10:51 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-03-29 10:50 - 2015-03-29 10:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-29 10:50 - 2015-03-29 10:51 - 00000000 ____D () C:\Program Files\iTunes
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\Program Files\iPod
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-29 10:49 - 2015-03-29 10:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-29 10:49 - 2015-03-29 10:49 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apple
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-29 10:49 - 2015-03-29 10:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-29 10:47 - 2015-03-29 10:48 - 152428336 _____ (Apple Inc.) C:\Users\Kristina\Downloads\itunes6464setup.exe
2015-03-28 21:40 - 2015-03-31 11:48 - 00720991 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-28 13:00 - 2015-03-28 13:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-28 13:00 - 2015-03-28 13:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Google
2015-03-24 16:06 - 2015-03-24 16:09 - 00000000 ____D () C:\Users\Kristina\Documents\Daten
2015-03-22 15:37 - 2015-03-22 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 18:31 - 2015-03-19 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chemie - Aber Sicher
2015-03-18 23:55 - 2015-03-18 23:55 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\PowerISO
2015-03-15 12:42 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-15 12:42 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-15 12:42 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-15 12:42 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-15 12:42 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-15 12:42 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-15 12:42 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-15 12:42 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-15 12:42 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-15 12:42 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-15 12:42 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-15 12:42 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-15 12:42 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-15 12:42 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-15 12:42 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-15 12:42 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-15 12:42 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-15 12:42 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-15 12:42 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-15 12:42 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-15 12:42 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 12:42 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-15 12:42 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-15 12:42 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 12:42 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-15 12:42 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-15 12:42 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-15 12:42 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-15 12:42 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-15 12:42 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-15 12:42 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-15 12:42 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-15 12:42 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-15 12:42 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-15 12:42 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-15 12:42 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-15 12:42 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-15 12:42 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-15 12:42 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-15 12:42 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-15 12:42 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-15 12:42 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-15 12:42 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-15 12:42 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-15 12:42 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-15 12:42 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-15 12:42 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-15 12:42 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-15 12:42 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-15 12:42 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-15 12:42 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-15 12:42 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-15 12:42 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-15 12:42 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-15 12:42 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-15 12:42 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-15 12:41 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-15 12:41 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-15 12:41 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-15 12:41 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-15 12:41 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-15 12:41 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-15 12:41 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-15 12:41 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-15 12:41 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-15 12:41 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-15 12:41 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-15 12:41 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-15 12:41 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-15 12:41 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-15 12:41 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-15 12:41 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-15 12:41 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-15 12:41 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-11 18:14 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 18:14 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 18:14 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 18:14 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 18:14 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 18:14 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 18:14 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 18:14 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 18:14 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 18:14 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 18:14 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 18:14 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 18:14 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 18:14 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 18:14 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 18:14 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 18:14 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 18:14 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 18:14 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 18:14 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 18:14 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 18:14 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 18:14 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 18:14 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 18:14 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 18:14 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 18:14 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 18:14 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 18:14 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 18:14 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 18:14 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 18:14 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 18:14 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 18:14 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 18:14 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 18:14 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 18:14 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 18:14 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 18:14 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 18:14 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 18:14 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 18:14 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 18:14 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 18:14 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 18:14 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 18:14 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 18:14 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 18:14 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 18:14 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 18:14 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 18:14 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 18:14 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 18:14 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 18:14 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 18:14 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 18:14 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 18:14 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 18:14 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-11 18:14 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-11 18:14 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-11 18:14 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-11 18:14 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-11 18:14 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-11 18:14 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-11 18:14 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-11 18:14 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-07 18:59 - 2015-03-31 11:47 - 00000000 ____D () C:\Users\Kristina\Documents\Outlook-Dateien
2015-03-07 18:58 - 2015-03-29 22:52 - 08397824 _____ () C:\Users\Kristina\muench.kristina@voehlin.de.pst
2015-03-07 18:51 - 2015-03-29 22:52 - 10429440 _____ () C:\Users\Kristina\krissi79@web.de.pst
2015-03-05 20:01 - 2015-03-05 20:01 - 00001111 _____ () C:\Users\Kristina\Desktop\FreeCommander XE.lnk
2015-03-05 20:01 - 2015-03-05 20:01 - 00000000 ____D () C:\Users\Kristina\AppData\Local\FreeCommanderXE
2015-03-05 20:01 - 2015-03-05 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE
2015-03-05 20:01 - 2015-03-05 20:01 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2015-03-04 18:52 - 2015-03-27 11:31 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Nitro PDF
2015-03-02 21:13 - 2015-03-02 21:13 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\vlc
2015-03-02 21:06 - 2015-03-02 21:06 - 00000958 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-02 21:06 - 2015-03-02 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-02 21:06 - 2015-03-02 21:06 - 00000000 ____D () C:\Program Files (x86)\vlc
2015-03-02 20:52 - 2015-03-02 20:52 - 00000835 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2015-03-02 20:52 - 2015-03-02 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-03-02 20:52 - 2015-03-02 20:52 - 00000000 ____D () C:\Program Files\PowerISO
2015-03-02 20:52 - 2014-10-08 15:13 - 00127760 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2015-03-02 18:31 - 2015-03-02 18:31 - 00000000 __SHD () C:\Users\Kristina\AppData\Local\EmieBrowserModeList
2015-03-02 17:07 - 2015-03-29 10:49 - 00000000 ____D () C:\ProgramData\Apple
2015-03-02 17:07 - 2015-03-02 17:07 - 00001180 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\com.wd.WDMyCloud
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Western Digital
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-03-02 10:22 - 2015-03-15 13:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-02 10:22 - 2015-03-15 13:15 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-02 10:20 - 2015-03-02 10:20 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-02 10:20 - 2015-03-02 10:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-02 00:09 - 2015-03-19 18:22 - 00000000 ____D () C:\Programme_Schule
2015-03-01 17:47 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-03-01 17:47 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-03-01 17:47 - 2014-09-22 06:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-03-01 17:47 - 2014-09-19 02:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-03-01 17:46 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-01 17:46 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 17:46 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-01 17:46 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-03-01 17:46 - 2014-09-27 09:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 17:46 - 2014-09-27 07:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-03-01 17:46 - 2014-09-27 05:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 17:45 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 17:45 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 17:45 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-01 17:45 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-01 17:45 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 17:45 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 17:45 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 17:45 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-03-01 17:45 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-03-01 17:45 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-01 17:45 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-01 17:45 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-01 17:45 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 17:45 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-01 17:45 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-01 17:45 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-01 17:45 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-01 17:45 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-01 17:44 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 17:44 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-01 17:44 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 17:44 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-01 17:44 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-01 17:44 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 17:44 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 17:44 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-03-01 17:44 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-03-01 17:44 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-03-01 17:44 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-03-01 17:44 - 2014-10-13 04:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-01 17:44 - 2014-10-11 02:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-01 17:44 - 2014-10-11 02:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-03-01 17:44 - 2014-10-08 09:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-01 17:44 - 2014-10-08 09:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-01 17:44 - 2014-10-08 08:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-03-01 17:44 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 17:44 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2015-03-01 17:44 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 17:44 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 17:44 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 17:44 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 17:44 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2015-03-01 17:39 - 2014-08-23 07:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 17:39 - 2014-08-23 07:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-03-01 17:39 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-01 17:39 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 17:37 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 17:37 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 17:37 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2015-03-01 17:35 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 17:35 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 17:35 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-01 17:35 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-01 17:35 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 17:35 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-01 17:35 - 2014-10-31 07:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 17:35 - 2014-10-31 07:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 17:35 - 2014-10-31 07:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 17:35 - 2014-10-31 07:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 17:35 - 2014-10-31 07:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 17:35 - 2014-10-31 07:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 17:35 - 2014-10-31 07:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 17:35 - 2014-10-31 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 17:35 - 2014-10-31 06:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 17:35 - 2014-10-31 06:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 17:35 - 2014-10-31 06:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 17:35 - 2014-10-31 06:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 17:35 - 2014-10-31 06:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 17:35 - 2014-10-31 06:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 17:35 - 2014-10-31 06:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 17:35 - 2014-10-31 06:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 17:35 - 2014-10-31 06:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 17:35 - 2014-10-31 06:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 17:35 - 2014-10-31 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 17:35 - 2014-10-31 06:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 17:35 - 2014-10-31 06:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 17:35 - 2014-10-31 06:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 17:35 - 2014-10-31 06:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 17:35 - 2014-10-31 05:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 17:35 - 2014-10-31 05:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2015-03-01 17:35 - 2014-10-31 05:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2015-03-01 17:35 - 2014-10-31 05:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2015-03-01 17:35 - 2014-10-31 05:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2015-03-01 17:35 - 2014-10-31 05:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2015-03-01 17:35 - 2014-10-31 05:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2015-03-01 17:35 - 2014-10-31 05:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-03-01 17:35 - 2014-10-31 05:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2015-03-01 17:35 - 2014-10-31 05:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-03-01 17:35 - 2014-10-31 05:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-03-01 17:35 - 2014-10-31 05:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2015-03-01 17:35 - 2014-10-31 05:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-03-01 17:35 - 2014-10-31 05:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2015-03-01 17:35 - 2014-10-31 05:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2015-03-01 17:35 - 2014-10-31 05:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-03-01 17:35 - 2014-10-31 05:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2015-03-01 17:35 - 2014-10-31 04:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-01 17:35 - 2014-10-31 04:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2015-03-01 17:35 - 2014-10-31 04:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-03-01 17:35 - 2014-10-31 04:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-03-01 17:35 - 2014-10-31 04:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-03-01 17:35 - 2014-10-31 04:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2015-03-01 17:35 - 2014-10-31 04:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2015-03-01 17:35 - 2014-10-31 04:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-03-01 17:35 - 2014-10-31 04:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2015-03-01 17:35 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 17:35 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-03-01 17:35 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 17:34 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 17:34 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-01 17:34 - 2014-11-10 01:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 17:34 - 2014-11-10 01:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-01 17:33 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 17:33 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 17:33 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2015-03-01 17:33 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-03-01 17:33 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 17:33 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 17:33 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 17:33 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 17:33 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 17:33 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2015-03-01 17:33 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 17:33 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 17:33 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 17:33 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 17:33 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 17:33 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 17:33 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 17:33 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 17:33 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2015-03-01 17:33 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 17:33 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-03-01 17:33 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-03-01 17:33 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 17:33 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-03-01 17:32 - 2014-10-23 07:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 17:32 - 2014-10-23 07:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-03-01 17:32 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 17:32 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 17:32 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 17:32 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 17:32 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-03-01 17:32 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 17:32 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 17:32 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-03-01 17:32 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 17:32 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 17:32 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2015-03-01 17:32 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-03-01 17:32 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 17:32 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-03-01 17:32 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 17:32 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-03-01 17:32 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 17:32 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 17:32 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-03-01 17:30 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 17:30 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 17:30 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 17:30 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-03-01 17:30 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-03-01 17:30 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 17:29 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 17:29 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 17:29 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-01 17:29 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 17:29 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-01 17:29 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-01 17:29 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 17:29 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 17:29 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 17:29 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 17:29 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 17:29 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 17:29 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-03-01 17:29 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-03-01 17:29 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-03-01 17:29 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-03-01 17:29 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-03-01 17:29 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 17:29 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-03-01 17:29 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 17:29 - 2014-10-13 04:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-03-01 17:29 - 2014-10-13 04:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-03-01 17:29 - 2014-10-13 04:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-03-01 17:29 - 2014-10-13 04:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-03-01 17:29 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 13:56 - 2015-03-01 13:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 11:53 - 2014-11-29 07:05 - 00770130 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-31 11:53 - 2014-11-29 07:05 - 00160912 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-31 11:53 - 2014-03-18 11:53 - 01789004 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-31 11:52 - 2015-02-27 20:03 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3852607773-491357534-3998752114-1001
2015-03-31 11:50 - 2014-11-28 22:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-03-31 11:47 - 2015-02-27 20:01 - 00000000 ___RD () C:\Users\Kristina\OneDrive
2015-03-31 11:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-31 11:46 - 2014-11-28 22:44 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-31 11:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-31 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-29 23:15 - 2015-02-27 19:57 - 00000000 ____D () C:\Users\Kristina
2015-03-29 22:46 - 2015-02-27 20:18 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Microsoft Help
2015-03-29 22:37 - 2015-02-27 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-29 22:33 - 2013-08-22 16:44 - 00492968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-29 22:30 - 2013-08-22 15:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-29 22:27 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-29 22:27 - 2014-03-18 11:38 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-29 22:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 22:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-29 16:54 - 2015-02-27 19:57 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Pokki
2015-03-29 14:58 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-29 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-28 13:00 - 2015-02-28 22:35 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-28 13:00 - 2015-02-28 22:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-24 16:11 - 2015-02-27 21:58 - 00000000 ____D () C:\Users\Kristina\Documents\Schule
2015-03-23 09:36 - 2015-02-27 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 12:07 - 2014-11-28 22:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-16 16:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-16 08:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-16 08:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-16 08:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-15 13:18 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 08:45 - 2015-02-27 19:57 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Adobe
2015-03-10 09:13 - 2015-02-27 19:57 - 00000000 ____D () C:\Users\Kristina\AppData\Local\VirtualStore
2015-03-07 21:39 - 2014-11-28 22:16 - 01809786 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-03-04 23:24 - 2013-08-22 17:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2013-08-22 17:38 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 17:36 - 2015-02-28 22:39 - 00102912 ___SH () C:\Users\Kristina\Downloads\Thumbs.db
2015-03-02 21:13 - 2015-02-27 19:57 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Packages
2015-03-02 17:11 - 2014-11-28 22:39 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-03-02 12:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-02 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-02 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-01 13:57 - 2015-02-28 23:11 - 00000000 ____D () C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2014-11-28 22:17 - 2014-11-28 22:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Kristina\AppData\Local\Temp\ose00000.exe
C:\Users\Kristina\AppData\Local\Temp\Quarantine.exe
C:\Users\Kristina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-22 21:07

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 31.03.2015 16:55
Noch Probleme?

kmuench 31.03.2015 17:36
Vielen Dank für die Hilfe
 
Nein, schaut so weit gut aus. Vielen Dank für deine Hilfe

schrauber 01.04.2015 05:57
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.pngAbsicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:26 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131