Trojaner-Board - HEUR/QVM10.1.Malware.Gen kann von 360 Internet Security nicht entfernt werden

Hallo,

ich habe mich leider viel zu lange auf Windows Defender verlassen :balla:
In einer Stunde der Erleuchtung habe ich heute 360 Security Scan laufen lassen und direkt mehrere Befunde gehabt.
HEUR/QVM10.1.Malware.Gen hält sich aber weiterhin auch nach mehreren Löschversuchen und Neustarts hartnäckig im System fest.
Spezifische Symptome gibt es bisher keine. Die Kiste ist allgemein langsam.

Scans sehen wie folgt aus:
360 Internet Security Scan

Code:

360 Internet Security Scan log
 

Virus Database version: 2015-04-04 00:26

Date &amp; time: 2015-04-04 18:49:07

Time elapsed: 03:38:17

Type: Full Scan

Files scanned: 205129

Threats: 0

Threats cleared: 0
 

Current scan settings

----------------------

Scanned all files: No

Scanned Zip files: No

Resolution: User to decide on resolution

Scanned disk Boot Sector: Yes

Scanned for Rootkit: No

Used Cloud Engine: Yes

QVM Engine: Yes

Automatically repair: Yes

AV Engine settings: BitDefender 
 

Scan content

----------------------

Overall
 

Whitelist

----------------------
 
 

Scan results

======================

No threats detected

360 Internet Security Real Time Protect

Code:

360 Internet Security Real-time Protection log
 

DateTime             Event                         Virus name                           Results                                                                                           File     

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2015-04-05 00:37:18     Detected security threats     HEUR/QVM11.0.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\Windows\mod_frst.exe     

2015-04-05 00:33:05     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-05 00:04:39     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-05 00:02:57     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe     

2015-04-04 23:35:23     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 23:30:14     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 23:27:31     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 23:25:56     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 22:57:48     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 22:44:36     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 18:41:50     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\UI\bin\cltmngui.exe     

2015-04-04 18:41:42     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 18:38:27     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\UI\bin\cltmngui.exe     

2015-04-04 18:38:22     Detected security threats     HEUR/QVM10.1.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe     

2015-04-04 18:38:02     Detected security threats     HEUR/QVM20.0.Malware.Gen             Access to this file has been disabled, this file cannot be used or moved.     C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe     

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Defogger

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 00:29 on 05/04/2015 (Wiebke)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Wiebke (administrator) on SIRFANCYPANTS on 05-04-2015 00:32:51

Running from C:\Users\Wiebke\Desktop

Loaded Profiles: Wiebke (Available profiles: Wiebke & Martin & Administrator)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\360rps.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\deepscan\QHActiveDefense.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\360sd.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\safemon\360Tray.exe

(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe

(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\360rp.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-03-08] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-03-08] (Lenovo(beijing) Limited)

HKLM\...\Run: [360sd] => D:\Application\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-03-16] (Client Connect LTD)

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] (Client Connect LTD)

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3317742&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&SSPV=

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com

SearchScopes: HKU\S-1-5-21-2638402565-1467238506-476182491-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-2638402565-1467238506-476182491-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-2638402565-1467238506-476182491-1002 -> {DC4D076E-9397-420C-8835-98B6C074D131} URL = 

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> D:\Application\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-12] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-12] (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Profiles\li9tsb2y.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-12] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-12] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Extension: Ageless - C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Profiles\li9tsb2y.default\Extensions\2341n4m3@gmail.com.xpi [2014-09-22]

FF Extension: Adblock Plus - C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Profiles\li9tsb2y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-05]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&SSPV="

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-05]

CHR Extension: (Google Drive) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]

CHR Extension: (YouTube) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-05]

CHR Extension: (Google Search) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-05]

CHR Extension: (Google Wallet) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]

CHR Extension: (Gmail) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-05]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 360rp; D:\Application\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-03-16] (Client Connect LTD)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)

S3 scan; D:\Application\360 Internet Security\scan.dll [420424 2014-04-25] (S.C. BitDefender S.R.L)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

R2 ZhuDongFangYu; D:\Application\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)

R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)

R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)

R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)

R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)

S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]

R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-05 00:32 - 2015-04-05 00:35 - 00015922 _____ () C:\Users\Wiebke\Desktop\FRST.txt

2015-04-05 00:32 - 2015-04-05 00:33 - 00000000 ____D () C:\FRST

2015-04-05 00:31 - 2015-04-05 00:31 - 02095616 _____ (Farbar) C:\Users\Wiebke\Desktop\FRST64.exe

2015-04-05 00:29 - 2015-04-05 00:29 - 00000474 _____ () C:\Users\Wiebke\Desktop\defogger_disable.log

2015-04-05 00:29 - 2015-04-05 00:29 - 00000000 _____ () C:\Users\Wiebke\defogger_reenable

2015-04-05 00:27 - 2015-04-05 00:27 - 00050477 _____ () C:\Users\Wiebke\Desktop\Defogger.exe

2015-04-05 00:02 - 2015-04-05 00:02 - 00000000 __SHD () C:\360Rec

2015-04-04 18:37 - 2015-04-04 18:37 - 00002802 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2015-04-04 18:36 - 2015-04-04 18:37 - 00000000 ____D () C:\Program Files\CCleaner

2015-04-04 18:35 - 2014-05-14 11:40 - 00022992 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\efimon.sys

2015-04-04 18:34 - 2015-04-05 00:27 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\360safe

2015-04-04 18:34 - 2015-04-04 23:14 - 00000000 ____D () C:\ProgramData\360SD

2015-04-04 18:34 - 2015-04-04 18:34 - 00000756 _____ () C:\Users\Public\Desktop\360 Internet Security.lnk

2015-04-04 18:34 - 2015-04-04 18:34 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\360SD

2015-04-04 18:34 - 2015-04-04 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Internet Security

2015-04-04 18:34 - 2014-05-07 11:44 - 00304208 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360FsFlt.sys

2015-04-04 18:34 - 2014-04-29 05:50 - 00041552 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360Camera64.sys

2015-04-04 18:34 - 2014-04-23 10:32 - 00067664 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360AvFlt.sys

2015-04-04 18:34 - 2014-04-21 08:38 - 00097872 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys

2015-04-04 18:34 - 2014-04-18 08:42 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS

2015-04-04 18:33 - 2015-04-04 23:16 - 00000000 _RSHD () C:\360SANDBOX

2015-04-04 18:33 - 2014-04-29 08:20 - 00305744 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360Box64.sys

2015-04-04 18:26 - 2015-04-04 18:26 - 01203488 _____ () C:\Users\Wiebke\Downloads\360 Internet Security - CHIP-Installer.exe

2015-04-04 18:22 - 2015-04-04 18:23 - 04218880 _____ (Piriform Ltd) C:\Users\Wiebke\Downloads\ccsetup504_slim.exe

2015-04-03 22:53 - 2015-04-03 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-24 22:11 - 2015-03-24 22:11 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\OpenOffice

2015-03-24 22:09 - 2015-03-24 22:09 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk

2015-03-24 22:09 - 2015-03-24 22:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1

2015-03-24 22:07 - 2015-03-24 22:08 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

2015-03-24 21:49 - 2015-03-24 21:49 - 01203488 _____ () C:\Users\Wiebke\Downloads\OpenOffice - CHIP-Installer.exe

2015-03-24 21:47 - 2015-03-24 21:47 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer

2015-03-24 21:47 - 2015-03-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer

2015-03-24 21:47 - 2015-03-24 21:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer

2015-03-24 21:47 - 2010-02-03 18:27 - 00068640 _____ () C:\WINDOWS\unTMV.exe

2015-03-24 21:41 - 2015-03-24 21:41 - 01203488 _____ () C:\Users\Wiebke\Downloads\TextMaker Viewer 2010 - CHIP-Installer.exe

2015-03-24 21:17 - 2015-03-30 15:59 - 00000000 ____D () C:\Users\Wiebke\AppData\Local\avaavxvyex

2015-03-24 21:17 - 2015-03-24 21:17 - 00003492 _____ () C:\WINDOWS\System32\Tasks\avaavxvyex

2015-03-22 04:20 - 2015-03-22 04:20 - 00000000 ____D () C:\Users\Wiebke\AppData\Local\avayvaxvaa

2015-03-19 01:40 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-03-19 01:40 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-03-19 01:40 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-03-19 01:40 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe

2015-03-19 01:40 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe

2015-03-19 01:39 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-03-19 01:39 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-03-19 01:39 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-03-19 01:39 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-03-19 01:39 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-03-19 01:39 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-03-19 01:39 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-03-19 01:39 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2015-03-19 01:39 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-03-19 01:39 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2015-03-19 01:39 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-03-19 01:39 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-03-19 01:39 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2015-03-19 01:39 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-03-19 01:39 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-03-19 01:39 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-03-19 01:39 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-03-19 01:39 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-03-19 01:39 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-03-19 01:39 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-03-19 01:39 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-03-19 01:39 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-03-19 01:39 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-03-19 01:39 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-03-19 01:39 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-03-19 01:39 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-03-19 01:39 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2015-03-19 01:39 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-03-19 01:39 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-03-19 01:39 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-03-19 01:39 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-03-19 01:39 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-03-19 01:39 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-03-19 01:39 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-03-19 01:38 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2015-03-19 01:38 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2015-03-19 01:38 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2015-03-19 01:38 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2015-03-19 01:38 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-03-19 01:38 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-03-19 01:38 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2015-03-19 01:38 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2015-03-19 01:38 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2015-03-19 01:38 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll

2015-03-19 01:38 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll

2015-03-19 01:38 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2015-03-19 01:38 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2015-03-19 01:38 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2015-03-19 01:38 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2015-03-19 01:38 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

2015-03-19 01:38 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

2015-03-19 01:37 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2015-03-19 01:37 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2015-03-19 01:37 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-03-19 01:37 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2015-03-19 01:37 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2015-03-19 01:37 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2015-03-19 01:37 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2015-03-19 01:37 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-03-19 01:37 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-03-19 01:37 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-19 01:37 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2015-03-19 01:37 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2015-03-19 01:37 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-19 01:37 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2015-03-19 01:37 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2015-03-19 01:37 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2015-03-19 01:37 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2015-03-19 01:37 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-03-19 01:37 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-03-19 01:37 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-03-19 01:37 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll

2015-03-19 01:37 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll

2015-03-19 01:37 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2015-03-19 01:37 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2015-03-19 01:36 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2015-03-19 01:36 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2015-03-19 01:36 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2015-03-19 01:36 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2015-03-19 01:36 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2015-03-19 01:36 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll

2015-03-19 01:36 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll

2015-03-19 01:35 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2015-03-19 01:35 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2015-03-19 01:35 - 2015-01-30 05:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys

2015-03-19 01:35 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll

2015-03-19 01:35 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll

2015-03-19 01:35 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll

2015-03-19 01:35 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll

2015-03-19 01:35 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll

2015-03-19 01:35 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll

2015-03-19 01:35 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll

2015-03-19 01:35 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll

2015-03-19 01:35 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll

2015-03-19 01:35 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll

2015-03-19 01:35 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll

2015-03-19 01:35 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll

2015-03-19 01:35 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll

2015-03-19 01:35 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2015-03-19 01:35 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2015-03-19 01:35 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe

2015-03-14 23:52 - 2015-03-14 23:52 - 00000000 __SHD () C:\Users\Wiebke\AppData\Local\EmieBrowserModeList
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-05 00:32 - 2014-02-10 15:40 - 01410903 _____ () C:\WINDOWS\WindowsUpdate.log

2015-04-05 00:29 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\Wiebke

2015-04-05 00:18 - 2013-12-02 19:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2638402565-1467238506-476182491-1002

2015-04-05 00:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-04-05 00:05 - 2014-02-10 16:24 - 00000000 __RDO () C:\Users\Wiebke\SkyDrive

2015-04-05 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-04-04 23:59 - 2013-08-22 16:46 - 00391615 _____ () C:\WINDOWS\setupact.log

2015-04-04 23:59 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-04-04 23:58 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI

2015-04-04 22:59 - 2013-12-23 23:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-04-04 22:32 - 2013-08-22 16:44 - 00434728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-04-04 22:31 - 2013-12-23 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-04 22:31 - 2013-11-14 00:18 - 00093340 _____ () C:\WINDOWS\PFRO.log

2015-04-04 21:20 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-04-04 21:20 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat

2015-04-04 21:20 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat

2015-04-04 18:59 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-04-02 22:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-03-24 21:17 - 2013-12-23 19:50 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2015-03-19 08:04 - 2013-12-04 11:46 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-19 07:26 - 2014-02-05 19:48 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-03-19 03:51 - 2014-02-05 19:48 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-03-15 00:03 - 2014-11-13 15:42 - 00000000 ____D () C:\Program Files (x86)\HP

2015-03-15 00:01 - 2014-11-13 15:43 - 00000000 ____D () C:\ProgramData\HP

2015-03-14 23:54 - 2013-12-05 21:08 - 00000000 ____D () C:\Program Files (x86)\Google

2015-03-09 19:44 - 2013-08-22 17:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
 

==================== Files in the root of some directories =======
 

2014-11-13 15:41 - 2014-11-13 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini

2013-03-08 10:30 - 2013-03-08 10:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Some content of TEMP:

====================

C:\Users\Wiebke\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Wiebke\AppData\Local\Temp\SPSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-04-02 21:39
 

==================== End Of Log ============================

Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by Wiebke at 2015-04-05 00:37:01

Running from C:\Users\Wiebke\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}

AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 5.0.0.5104 - Qihu 360 Software Co., Ltd.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{DA51A69D-5D86-8A3D-1A4E-CB7CA80BA803}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )

Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)

Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)

Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.167 - Realtek Semiconductor Corp.)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1519 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 8.0.0.1519 - CyberLink Corp.) Hidden

Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)

Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden

Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)

Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)

Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden

Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)

Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.22.0.160 - Client Connect LTD) <==== ATTENTION

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)

TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)

UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)

Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

19-03-2015 03:18:58 Windows Update

24-03-2015 22:03:05 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

02-04-2015 21:57:12 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {0319D1CB-39C6-40A6-BC21-74B0C59BC6A5} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()

Task: {4D372C62-549E-4620-99EF-185E54E20A81} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

Task: {582C5EA8-8825-4B9E-9F9E-D80AD961A49C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {5FB63B42-D709-4B4F-9C7F-48CBA83A89F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

Task: {6143270F-143E-4C3B-8633-CE02763E0A1A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)

Task: {708F5BD3-85F3-4885-A66A-041B0173EE2B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {9EE70633-625B-4FC9-8E57-6FD05B47E5C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-19] (Microsoft Corporation)

Task: {AE8F1010-5FC3-4C9A-AB4B-F9DBE42A69EB} - System32\Tasks\avaavxvyex => C:\Users\Wiebke\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ATTENTION

Task: {B25808A0-66E0-4690-901C-5E6A65FF7A5C} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()

Task: {E53E54D2-EF36-4F8F-9E3D-3556D52CF259} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)

Task: {EF04C3D4-252F-4FA7-B53D-235A55AEA360} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()

Task: {F5049331-DF33-4B63-A929-181C8A74B856} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2014-04-23 04:51 - 2014-04-23 04:51 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-04-23 04:52 - 2014-04-23 04:52 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\Users\Wiebke\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Wiebke\SkyDrive (2).old:ms-properties

AlternateDataStreams: C:\Users\Wiebke\SkyDrive.old:ms-properties
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp

DNS Servers: 192.168.1.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2638402565-1467238506-476182491-500 - Administrator - Disabled) => C:\Users\Administrator

Gast (S-1-5-21-2638402565-1467238506-476182491-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2638402565-1467238506-476182491-1007 - Limited - Enabled)

Martin (S-1-5-21-2638402565-1467238506-476182491-1005 - Limited - Enabled) => C:\Users\Martin

Wiebke (S-1-5-21-2638402565-1467238506-476182491-1002 - Administrator - Enabled) => C:\Users\Wiebke
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/04/2015 11:03:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (04/04/2015 11:03:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (04/04/2015 10:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (04/04/2015 10:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (04/04/2015 10:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (04/02/2015 08:54:29 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: bdc
 

Startzeit: 01d06d75a1a0f40c
 

Endzeit: 4294967295
 

Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe
 

Berichts-ID: abc9ada5-d969-11e4-bea5-20898447b106
 

Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (03/30/2015 06:35:09 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: cc8
 

Startzeit: 01d06b06bf110f2b
 

Endzeit: 4294967295
 

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe
 

Berichts-ID: b348e151-d6fa-11e4-bea5-20898447b106
 

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (03/26/2015 10:26:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (03/24/2015 01:46:20 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)

Description: Vom Ereignisanbieter "ProtectionManagement" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.
 

Error: (03/24/2015 01:46:20 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)

Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.
 
 

System errors:

=============

Error: (04/05/2015 00:10:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (04/04/2015 11:29:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (04/04/2015 11:17:06 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎04.‎04.‎2015 um 23:14:21 unerwartet heruntergefahren.
 

Error: (04/04/2015 10:29:14 PM) (Source: DCOM) (EventID: 10010) (User: SIRFANCYPANTS)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 

Error: (04/04/2015 10:29:11 PM) (Source: DCOM) (EventID: 10010) (User: SIRFANCYPANTS)

Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa
 

Error: (04/04/2015 10:29:11 PM) (Source: DCOM) (EventID: 10010) (User: SIRFANCYPANTS)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 

Error: (04/04/2015 06:20:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (04/03/2015 08:48:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (04/03/2015 08:48:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (04/02/2015 08:59:09 PM) (Source: DCOM) (EventID: 10010) (User: SIRFANCYPANTS)

Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess
 
 

Microsoft Office Sessions:

=========================

Error: (04/04/2015 11:03:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142
 

Error: (04/04/2015 11:03:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142
 

Error: (04/04/2015 10:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 

Error: (04/04/2015 10:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 

Error: (04/04/2015 10:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141
 

Error: (04/02/2015 08:54:29 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: backgroundTaskHost.exe6.3.9600.17415bdc01d06d75a1a0f40c4294967295C:\WINDOWS\syswow64\backgroundTaskHost.exeabc9ada5-d969-11e4-bea5-20898447b106E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8App
 

Error: (03/30/2015 06:35:09 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.17415cc801d06b06bf110f2b4294967295C:\WINDOWS\syswow64\wwahost.exeb348e151-d6fa-11e4-bea5-20898447b106Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 

Error: (03/26/2015 10:26:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SIRFANCYPANTS)

Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2147023170
 

Error: (03/24/2015 01:46:20 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)

Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 

Error: (03/24/2015 01:46:20 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)

Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-03-30 17:44:15.918

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-03-16 06:59:54.084

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-03-16 06:59:52.504

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-03-15 05:35:28.782

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-02-24 09:56:11.874

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-02-24 09:56:10.772

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-02-24 09:56:09.683

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-02-24 09:56:04.422

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-02-24 09:56:02.449

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

  Date: 2015-02-20 00:06:23.468

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 

==================== Memory info =========================== 
 

Processor: AMD E1-1500 APU with Radeon(tm) HD Graphics

Percentage of memory in use: 69%

Total physical RAM: 1606.26 MB

Available physical RAM: 486.61 MB

Total Pagefile: 3270.26 MB

Available Pagefile: 1575.15 MB

Total Virtual: 131072 MB

Available Virtual: 131071.79 MB
 

==================== Drives ================================
 

Drive c: (Lil'MsIndependent) (Fixed) (Total:250.42 GB) (Free:207.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.85 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 298.1 GB) (Disk ID: D2AB5D67)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Gmer

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2015-04-05 00:51:54

Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000027 HITACHI_HTS545032A7E380 rev.GGBZB950 298,09GB

Running: Gmer-19357.exe; Driver: C:\Users\Wiebke\AppData\Local\Temp\kgldrkoc.sys
 
 

---- Threads - GMER 2.1 ----
 

Thread  C:\WINDOWS\system32\csrss.exe [516:540]  fffff960009662d0
 

---- Disk sectors - GMER 2.1 ----
 

Disk    \Device\Harddisk0\DR0                    unknown MBR code
 

---- EOF - GMER 2.1 ----

Das sollte alles gewesen sein.
Ich hoffe mir kann jemand helfen.
Liebste Grüße und ein riesiges Dankeschön im Voraus!

Okay, alles gemacht.

Scan Logs sehen wie folgt aus

MBAM

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 06.04.2015

Suchlauf-Zeit: 14:48:35

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.01.4.1018

Malware Datenbank: v2015.04.06.04

Rootkit Datenbank: v2015.03.31.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 8.1

CPU: x64

Dateisystem: NTFS

Benutzer: Wiebke
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 462773

Verstrichene Zeit: 50 Min, 13 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente gefunden)
 

Module: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsschlüssel: 13

PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [75e74b1e4842e74fff265864976a50b0], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [d28ae485652568ce2fec54e5e81b35cb], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [d28ae485652568ce2fec54e5e81b35cb], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [d28ae485652568ce2fec54e5e81b35cb], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [d28ae485652568ce2fec54e5e81b35cb], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [d28ae485652568ce2fec54e5e81b35cb], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [d28ae485652568ce2fec54e5e81b35cb], 

PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2638402565-1467238506-476182491-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [8ad2650491f995a15b0014203ec5916f], 

PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [421a4425612991a5eddd360a03024db3], 

PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [a5b72643197136009c2de35d28ddf30d], 

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [8dcfadbcf99167cfb9766384946f8080], 

PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, In Quarantäne, [c8945a0f088259dd838758893dc6b749], 

PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2638402565-1467238506-476182491-1002\SOFTWARE\SEARCHPROTECTINT, In Quarantäne, [a8b499d0e5a562d440eb60a7d52fb947], 
 

Registrierungswerte: 6

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [8dcfadbcf99167cfb9766384946f8080]

PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\WINDOWS\system32\drivers\SPPD.sys, In Quarantäne, [c8945a0f088259dd838758893dc6b749]

PUP.Optional.Conduit.A, HKU\S-1-5-21-2638402565-1467238506-476182491-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&q={searchTerms}&SSPV=, In Quarantäne, [0d4ffc6d127861d5a8b46d4a47bccd33]

PUP.Optional.Conduit.A, HKU\S-1-5-21-2638402565-1467238506-476182491-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [67f5224799f12e083923932413f02fd1]

PUP.Optional.Trovi.A, HKU\S-1-5-21-2638402565-1467238506-476182491-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi search, In Quarantäne, [c993bdacbfcb2d09eb349bb160a5659b]

PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2638402565-1467238506-476182491-1002\SOFTWARE\SEARCHPROTECTINT|Install, 1, In Quarantäne, [a8b499d0e5a562d440eb60a7d52fb947]
 

Registrierungsdaten: 2

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),Ersetzt,[322a1950c1c910269a8b605c639e758b]

PUP.Optional.Trovi.A, HKU\S-1-5-21-2638402565-1467238506-476182491-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3317742&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3317742&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&SSPV=),Löschen bei Neustart,[520a7ced1c6e3afcec59d51936cfb749]
 

Ordner: 35

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\Logs, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\Logs, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\SearchProtect, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\SearchProtect\rep, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\UI, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\UI\rep, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\SearchProtect, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\SearchProtect\rep, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\UI, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\UI\rep, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.Extutil.A, C:\Users\Wiebke\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [56065e0b01892e08b7aa9bfbff04619f], 

PUP.Optional.Managera.A, C:\Users\Wiebke\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [085482e791f951e5e67c771fb74c9c64], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 
 

Dateien: 172

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [75e74b1e4842e74fff265864976a50b0], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, Löschen bei Neustart, [322a1950c1c910269a8b605c639e758b], 

PUP.Optional.Outbrowse, C:\$Recycle.Bin\S-1-5-21-2638402565-1467238506-476182491-1002\$RB3NBQ4.exe, In Quarantäne, [86d6ce9babdf40f6f15090c67c895fa1], 

PUP.Optional.Outbrowse, C:\$Recycle.Bin\S-1-5-21-2638402565-1467238506-476182491-1002\$RTL1MOG.exe, In Quarantäne, [26363b2e1575c96d5be6abab39ccfb05], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [acb0155428622f07889d6a52b44db54b], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\Temp\nse6270.tmp\SPtool.dll, Löschen bei Neustart, [61fb49206e1c4ee86fb67b4125dcb64a], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\Temp\nsi87F6.tmp\SPtool.dll, In Quarantäne, [f963fc6df5958aac929318a43fc2d12f], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsa565B.exe, In Quarantäne, [5b014326ccbe67cf8089842ea35edc24], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsa944.exe, In Quarantäne, [a5b72b3e8dfdbb7baf5ad8da5ba642be], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsb1BF9.exe, In Quarantäne, [83d9e5844e3c3df951b80fa3aa5713ed], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsb498A.exe, In Quarantäne, [0458f57418729b9bf514cbe7af52de22], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsb50E8.exe, In Quarantäne, [f5672e3b6f1b24127396a909a35ebd43], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsnBA37.exe, In Quarantäne, [2834b6b3a4e679bd89806e4446bb0cf4], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsy9522.exe, In Quarantäne, [3c2096d39cee4fe78c17bb9d57aabb45], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nszA419.exe, In Quarantäne, [184461081c6e9b9bb4551b97f70a9b65], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nszCFDB.exe, In Quarantäne, [c09c0c5dc1c90b2b0009466c40c1db25], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nszE2B.exe, In Quarantäne, [015b1752fa90191da9fa5ff9a75a2fd1], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsf17CD.exe, In Quarantäne, [adaff376503ace68a5fe93c5669bbc44], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsh8AA9.exe, In Quarantäne, [5dff1950deac8bab0ffa803235cc01ff], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nshCC3A.exe, In Quarantäne, [f8647beeccbe4aecff0aedc52cd58a76], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nshE63B.exe, In Quarantäne, [38244524117962d46b9e1b9729d8b64a], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiFECE.exe, In Quarantäne, [f567f8710981de58b1f23325946dda26], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsj1488.exe, In Quarantäne, [6cf05c0d2e5c81b513f69022cf328d73], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsj4DE.exe, In Quarantäne, [7ddf204952389b9bb7ec34240100e41c], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsqD093.exe, In Quarantäne, [a6b6fc6dc1c938fe69a0a30f6b960af6], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr6D34.exe, In Quarantäne, [f9635415414953e381226fe94db417e9], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst7301.exe, In Quarantäne, [d28a36335337b28460432533c04111ef], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstCF6D.exe, In Quarantäne, [d686284102885fd7584b99bfda279868], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb6A94.exe, In Quarantäne, [13491e4bc9c168ce247fa8b0e81935cb], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsbFDED.exe, In Quarantäne, [65f707624644e94d38d17939df2249b7], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsc6A7D.exe, In Quarantäne, [5a0272f7fb8f79bdb455575b50b1e31d], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc880D.exe, In Quarantäne, [87d573f63c4e94a2a3828a3231d06a96], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscB244.exe, In Quarantäne, [4d0f7feaed9de4528221c39509f8728e], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsd3A25.exe, In Quarantäne, [a7b53f2a92f848ee5bae8b2702ff22de], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nse753C.exe, In Quarantäne, [60fcd5943c4e181e1eeba210de2319e7], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsuF084.exe, In Quarantäne, [91cb4524800a310514f541715fa244bc], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvE93A.exe, In Quarantäne, [411b6ffafa9045f1247f0d4b8978847c], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsvEAD4.exe, In Quarantäne, [62fa0861addd251191788a2813ee03fd], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw1B38.exe, In Quarantäne, [7be1d990810989adaaf9e2763fc240c0], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nso2E27.exe, In Quarantäne, [3a226dfc5c2ea393c1e2ff59e31eed13], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsoF3B5.exe, In Quarantäne, [4b1186e3b5d563d3ee1bdad8d22ff10f], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoFF4B.exe, In Quarantäne, [8dcfb1b8b0da6ec8089b4513c041946c], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp105D.exe, In Quarantäne, [2636d2970684eb4b2f74075115ecef11], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nseBABB.exe, In Quarantäne, [085428415e2cea4c29e008aa35cc0000], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsjD8C4.exe, In Quarantäne, [f06cb7b22763d660a3001f39c43dde22], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsnF8C2.exe, In Quarantäne, [263648218cfeba7cca3f11a14bb6a45c], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nspBB86.exe, In Quarantäne, [9dbf71f8a5e595a13ecb664cbb46b54b], 

PUP.Optional.SearchProtect, C:\Windows\Temp\957E.tmp\avayvaxvaa.exe, In Quarantäne, [2a328cdd7218d75fa5d4ab7055ad6d93], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\957E.tmp\pbqrmvbub, In Quarantäne, [66f602672169a29443e234884cb5fd03], 

PUP.Optional.SearchProtect, C:\Users\Wiebke\AppData\Local\avaavxvyex\avaavxvyex.exe, In Quarantäne, [2735551484063600b2c78695639f29d7], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\pbqrmvbub, In Quarantäne, [74e8dd8cc4c6df5745e0556720e1c63a], 

PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, Löschen bei Neustart, [cf8da0c9bad0c571240139833ac70ff1], 

PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avaavxvyex, In Quarantäne, [1c40432692f811259a600db1d231e41c], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\CRASH_REPORT_P16312_T16756_D2015_03_23_T23_01_48.txt, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\CRASH_REPORT_P244840_T245052_D2015_02_16_T17_40_49.txt, In Quarantäne, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_1415966355888, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390829844835, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390829845053, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391516851372, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1417535291883, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1418968836180, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1420152466590, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1421188094555, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1423054100627, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1423582009025, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1426990524580, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1427224643712, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_1426990589773, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Löschen bei Neustart, [37256bfe3159a294baed30f7a164fa06], 

PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Löschen bei Neustart, [421a9fca90fa0b2b2e9f0b35a263fe02], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Martin\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Löschen bei Neustart, [73e9aabf95f5979f870f0f85dd260ff1], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Löschen bei Neustart, [d884e485acde47efb8deb2e2ea19f20e], 

PUP.Optional.Extutil.A, C:\Users\Wiebke\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [56065e0b01892e08b7aa9bfbff04619f], 

PUP.Optional.Extutil.A, C:\Users\Wiebke\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [56065e0b01892e08b7aa9bfbff04619f], 

PUP.Optional.Extutil.A, C:\Users\Wiebke\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [56065e0b01892e08b7aa9bfbff04619f], 

PUP.Optional.Managera.A, C:\Users\Wiebke\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [085482e791f951e5e67c771fb74c9c64], 

PUP.Optional.Managera.A, C:\Users\Wiebke\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [085482e791f951e5e67c771fb74c9c64], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\bahvxfk, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\mkfvxfk, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\pvpqbjobmlpfqlovvawq, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\qokvxfk, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\rfobmlpfqlovvawq, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\rpboobmlpfqlovvawq, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\stb.dat, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avaavxvyex\ycfvxfk, In Quarantäne, [68f441280288c274325b921fb05353ad], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\bahvxfk, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\mkfvxfk, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\pvpqbjobmlpfqlovvawq, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\qokvxfk, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\rfobmlpfqlovvawq, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\rpboobmlpfqlovvawq, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\stb.dat, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 

PUP.Optional.SearchProtect.A, C:\Users\Wiebke\AppData\Local\avayvaxvaa\ycfvxfk, In Quarantäne, [9ebe6bfe4b3fa88ea3ea8b262ed56e92], 
 

Physische Sektoren: 0

(Keine schädliche Elemente gefunden)
 
 

(end)

Adware Cleaner

Code:

# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 16:44:27

# Aktualisiert 29/03/2015 von Xplode

# Datenbank : 2015-03-29.1 [Server]

# Betriebssystem : Windows 8.1  (x64)

# Benutzername : Wiebke - SIRFANCYPANTS

# Gestarted von : C:\Users\Wiebke\Desktop\AdwCleaner_4.200.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : CltMngSvc
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB

Ordner Gelöscht : C:\Program Files (x86)\SearchProtect

Ordner Gelöscht : C:\WINDOWS\SysWOW64\SearchProtect

Ordner Gelöscht : C:\Users\Martin\AppData\Local\SearchProtect

Ordner Gelöscht : C:\Users\Wiebke\AppData\Local\SearchProtect

Datei Gelöscht : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll

Datei Gelöscht : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

Datei Gelöscht : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect

Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17416
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 

-\\ Mozilla Firefox v37.0.1 (x86 de)
 
 

-\\ Google Chrome v
 

[C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&q={searchTerms}&SSPV=

[C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

[C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

[C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP72865909-810B-498E-AD55-AA893A0CCA84&SSPV=

[C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] : 
 

*************************
 

AdwCleaner[R0].txt - [28123 Bytes] - [06/04/2015 16:39:51]

AdwCleaner[S0].txt - [2839 Bytes] - [06/04/2015 16:44:27]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2898  Bytes] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.5.2 (04.06.2015:1)

OS: Windows 8.1 x64

Ran by Wiebke on 06.04.2015 at 17:15:27,84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Wiebke\AppData\Roaming\mozilla\firefox\profiles\li9tsb2y.default\minidumps [14 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 06.04.2015 at 17:24:02,34

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Wiebke (administrator) on SIRFANCYPANTS on 06-04-2015 17:38:31

Running from C:\Users\Wiebke\Desktop

Loaded Profiles: Wiebke (Available profiles: Wiebke & Martin & Administrator)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\360rps.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\deepscan\QHActiveDefense.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\360sd.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\safemon\360Tray.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Qihu 360 Software Co., Ltd.) D:\Application\360 Internet Security\360rp.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-03-08] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-03-08] (Lenovo(beijing) Limited)

HKLM\...\Run: [360sd] => D:\Application\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2638402565-1467238506-476182491-1002 -> {DC4D076E-9397-420C-8835-98B6C074D131} URL = 

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> D:\Application\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-12] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-12] (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Profiles\li9tsb2y.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-12] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-12] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Extension: Ageless - C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Profiles\li9tsb2y.default\Extensions\2341n4m3@gmail.com.xpi [2014-09-22]

FF Extension: Adblock Plus - C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Profiles\li9tsb2y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-05]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://google.com/

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-05]

CHR Extension: (Google Drive) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]

CHR Extension: (YouTube) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-05]

CHR Extension: (Google Search) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-05]

CHR Extension: (Google Wallet) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]

CHR Extension: (Gmail) - C:\Users\Wiebke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-05]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 360rp; D:\Application\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)

S3 scan; D:\Application\360 Internet Security\scan.dll [420424 2014-04-25] (S.C. BitDefender S.R.L)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

R2 ZhuDongFangYu; D:\Application\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)

R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)

R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)

R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)

R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)

S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-06] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-06 17:24 - 2015-04-06 17:24 - 00000805 _____ () C:\Users\Wiebke\Desktop\JRT.txt

2015-04-06 17:15 - 2015-04-06 17:15 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SIRFANCYPANTS-Windows-8.1-(64-bit).dat

2015-04-06 17:15 - 2015-04-06 17:15 - 00000000 ____D () C:\RegBackup

2015-04-06 17:13 - 2015-04-06 17:13 - 02691312 _____ (Thisisu) C:\Users\Wiebke\Desktop\JRT.exe

2015-04-06 16:38 - 2015-04-06 16:38 - 00035182 _____ () C:\Users\Wiebke\Desktop\mbam.txt

2015-04-06 16:03 - 2015-04-06 16:44 - 00000000 ____D () C:\AdwCleaner

2015-04-06 16:02 - 2015-04-06 16:02 - 02208768 _____ () C:\Users\Wiebke\Desktop\AdwCleaner_4.200.exe

2015-04-06 15:52 - 2015-04-06 15:52 - 00021976 _____ () C:\WINDOWS\system32\Drivers\SPPD.sys

2015-04-06 14:48 - 2015-04-06 16:36 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-04-06 14:47 - 2015-04-06 14:47 - 00001091 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-06 14:47 - 2015-04-06 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-06 14:46 - 2015-04-06 14:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-06 14:46 - 2015-04-06 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-04-06 14:46 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-04-06 14:46 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-04-06 14:46 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-04-06 14:43 - 2015-04-06 14:44 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wiebke\Downloads\mbam-setup-2.1.4.1018.exe

2015-04-06 14:34 - 2015-04-06 14:34 - 00000726 _____ () C:\Users\Wiebke\Desktop\Revo Uninstaller.lnk

2015-04-06 14:32 - 2015-04-06 14:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Wiebke\Desktop\revosetup95.exe

2015-04-05 01:47 - 2015-04-05 01:47 - 00388816 _____ () C:\WINDOWS\Minidump\040515-38375-01.dmp

2015-04-05 00:51 - 2015-04-05 00:51 - 00000502 _____ () C:\Users\Wiebke\Desktop\Gmer.log

2015-04-05 00:46 - 2015-04-05 00:46 - 00007888 _____ () C:\Users\Wiebke\Desktop\RealTimeProtect.log

2015-04-05 00:46 - 2015-04-05 00:46 - 00001306 _____ () C:\Users\Wiebke\Desktop\20150404222725.log

2015-04-05 00:42 - 2015-04-05 00:42 - 00380416 _____ () C:\Users\Wiebke\Desktop\Gmer-19357.exe

2015-04-05 00:37 - 2015-04-05 00:38 - 00025351 _____ () C:\Users\Wiebke\Desktop\Addition.txt

2015-04-05 00:32 - 2015-04-06 17:39 - 00014704 _____ () C:\Users\Wiebke\Desktop\FRST.txt

2015-04-05 00:32 - 2015-04-06 17:38 - 00000000 ____D () C:\FRST

2015-04-05 00:31 - 2015-04-05 00:31 - 02095616 _____ (Farbar) C:\Users\Wiebke\Desktop\FRST64.exe

2015-04-05 00:29 - 2015-04-05 00:29 - 00000474 _____ () C:\Users\Wiebke\Desktop\defogger_disable.log

2015-04-05 00:29 - 2015-04-05 00:29 - 00000000 _____ () C:\Users\Wiebke\defogger_reenable

2015-04-05 00:27 - 2015-04-05 00:27 - 00050477 _____ () C:\Users\Wiebke\Desktop\Defogger.exe

2015-04-04 18:37 - 2015-04-04 18:37 - 00002802 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2015-04-04 18:36 - 2015-04-04 18:37 - 00000000 ____D () C:\Program Files\CCleaner

2015-04-04 18:35 - 2014-05-14 11:40 - 00022992 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\efimon.sys

2015-04-04 18:34 - 2015-04-06 16:17 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\360safe

2015-04-04 18:34 - 2015-04-05 10:23 - 00000000 ____D () C:\ProgramData\360SD

2015-04-04 18:34 - 2015-04-04 18:34 - 00000756 _____ () C:\Users\Public\Desktop\360 Internet Security.lnk

2015-04-04 18:34 - 2015-04-04 18:34 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\360SD

2015-04-04 18:34 - 2015-04-04 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Internet Security

2015-04-04 18:34 - 2014-05-07 11:44 - 00304208 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360FsFlt.sys

2015-04-04 18:34 - 2014-04-29 05:50 - 00041552 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360Camera64.sys

2015-04-04 18:34 - 2014-04-23 10:32 - 00067664 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360AvFlt.sys

2015-04-04 18:34 - 2014-04-21 08:38 - 00097872 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys

2015-04-04 18:34 - 2014-04-18 08:42 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS

2015-04-04 18:33 - 2015-04-05 01:46 - 00000000 _RSHD () C:\360SANDBOX

2015-04-04 18:33 - 2014-04-29 08:20 - 00305744 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\360Box64.sys

2015-04-04 18:26 - 2015-04-04 18:26 - 01203488 _____ () C:\Users\Wiebke\Downloads\360 Internet Security - CHIP-Installer.exe

2015-04-04 18:22 - 2015-04-04 18:23 - 04218880 _____ (Piriform Ltd) C:\Users\Wiebke\Downloads\ccsetup504_slim.exe

2015-04-03 22:53 - 2015-04-03 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-24 22:11 - 2015-03-24 22:11 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\OpenOffice

2015-03-24 22:09 - 2015-03-24 22:09 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk

2015-03-24 22:09 - 2015-03-24 22:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1

2015-03-24 22:07 - 2015-03-24 22:08 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

2015-03-24 21:49 - 2015-03-24 21:49 - 01203488 _____ () C:\Users\Wiebke\Downloads\OpenOffice - CHIP-Installer.exe

2015-03-24 21:47 - 2015-03-24 21:47 - 00000000 ____D () C:\Users\Wiebke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer

2015-03-24 21:47 - 2015-03-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer

2015-03-24 21:47 - 2015-03-24 21:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer

2015-03-24 21:47 - 2010-02-03 18:27 - 00068640 _____ () C:\WINDOWS\unTMV.exe

2015-03-24 21:41 - 2015-03-24 21:41 - 01203488 _____ () C:\Users\Wiebke\Downloads\TextMaker Viewer 2010 - CHIP-Installer.exe

2015-03-19 01:40 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-03-19 01:40 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-03-19 01:40 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-03-19 01:40 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe

2015-03-19 01:40 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe

2015-03-19 01:39 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-03-19 01:39 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-03-19 01:39 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-03-19 01:39 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-03-19 01:39 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-03-19 01:39 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-03-19 01:39 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-03-19 01:39 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2015-03-19 01:39 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-03-19 01:39 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2015-03-19 01:39 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-03-19 01:39 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-03-19 01:39 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2015-03-19 01:39 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-03-19 01:39 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-03-19 01:39 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-03-19 01:39 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-03-19 01:39 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-03-19 01:39 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-03-19 01:39 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-03-19 01:39 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-03-19 01:39 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-03-19 01:39 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-03-19 01:39 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-03-19 01:39 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-03-19 01:39 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-03-19 01:39 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2015-03-19 01:39 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-03-19 01:39 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-03-19 01:39 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-03-19 01:39 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-03-19 01:39 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-03-19 01:39 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-03-19 01:39 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-03-19 01:38 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2015-03-19 01:38 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2015-03-19 01:38 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2015-03-19 01:38 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2015-03-19 01:38 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-03-19 01:38 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-03-19 01:38 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2015-03-19 01:38 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2015-03-19 01:38 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2015-03-19 01:38 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll

2015-03-19 01:38 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll

2015-03-19 01:38 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2015-03-19 01:38 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2015-03-19 01:38 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2015-03-19 01:38 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2015-03-19 01:38 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

2015-03-19 01:38 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

2015-03-19 01:37 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2015-03-19 01:37 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2015-03-19 01:37 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-03-19 01:37 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2015-03-19 01:37 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2015-03-19 01:37 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2015-03-19 01:37 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2015-03-19 01:37 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-03-19 01:37 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-03-19 01:37 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-19 01:37 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2015-03-19 01:37 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2015-03-19 01:37 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-19 01:37 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2015-03-19 01:37 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2015-03-19 01:37 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2015-03-19 01:37 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2015-03-19 01:37 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-03-19 01:37 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-03-19 01:37 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-03-19 01:37 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll

2015-03-19 01:37 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll

2015-03-19 01:37 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2015-03-19 01:37 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2015-03-19 01:36 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2015-03-19 01:36 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2015-03-19 01:36 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2015-03-19 01:36 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2015-03-19 01:36 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2015-03-19 01:36 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll

2015-03-19 01:36 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll

2015-03-19 01:35 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2015-03-19 01:35 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2015-03-19 01:35 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys

2015-03-19 01:35 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll

2015-03-19 01:35 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll

2015-03-19 01:35 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll

2015-03-19 01:35 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll

2015-03-19 01:35 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll

2015-03-19 01:35 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll

2015-03-19 01:35 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll

2015-03-19 01:35 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll

2015-03-19 01:35 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll

2015-03-19 01:35 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll

2015-03-19 01:35 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll

2015-03-19 01:35 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll

2015-03-19 01:35 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll

2015-03-19 01:35 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2015-03-19 01:35 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2015-03-19 01:35 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe

2015-03-14 23:52 - 2015-03-14 23:52 - 00000000 __SHD () C:\Users\Wiebke\AppData\Local\EmieBrowserModeList
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-06 17:22 - 2014-02-10 15:40 - 01774314 _____ () C:\WINDOWS\WindowsUpdate.log

2015-04-06 17:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-04-06 17:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat

2015-04-06 17:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat

2015-04-06 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-04-06 16:59 - 2013-12-23 23:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-04-06 16:50 - 2014-02-10 16:24 - 00000000 ___DO () C:\Users\Wiebke\SkyDrive

2015-04-06 16:46 - 2013-08-22 16:46 - 00391923 _____ () C:\WINDOWS\setupact.log

2015-04-06 16:46 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-04-06 16:44 - 2013-03-08 10:57 - 00000000 ____D () C:\Program Files (x86)\Amazon

2015-04-06 16:27 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI

2015-04-06 15:51 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\Wiebke

2015-04-06 15:06 - 2013-12-02 19:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2638402565-1467238506-476182491-1002

2015-04-06 14:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-04-05 01:47 - 2014-09-01 12:29 - 00000000 ____D () C:\WINDOWS\Minidump

2015-04-05 01:46 - 2014-09-01 12:29 - 326026999 _____ () C:\WINDOWS\MEMORY.DMP

2015-04-04 22:32 - 2013-08-22 16:44 - 00434728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-04-04 22:31 - 2013-12-23 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-04 22:31 - 2013-11-14 00:18 - 00093340 _____ () C:\WINDOWS\PFRO.log

2015-04-04 18:59 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-04-02 22:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender

2015-03-23 23:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2015-03-19 08:04 - 2013-12-04 11:46 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-19 07:26 - 2014-02-05 19:48 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-03-19 03:51 - 2014-02-05 19:48 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-03-15 00:03 - 2014-11-13 15:42 - 00000000 ____D () C:\Program Files (x86)\HP

2015-03-15 00:01 - 2014-11-13 15:43 - 00000000 ____D () C:\ProgramData\HP

2015-03-14 23:54 - 2013-12-05 21:08 - 00000000 ____D () C:\Program Files (x86)\Google

2015-03-09 19:44 - 2013-08-22 17:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
 

==================== Files in the root of some directories =======
 

2014-11-13 15:41 - 2014-11-13 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini

2013-03-08 10:30 - 2013-03-08 10:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Some content of TEMP:

====================

C:\Users\Wiebke\AppData\Local\Temp\Quarantine.exe

C:\Users\Wiebke\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Wiebke\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-04-05 01:58
 

==================== End Of Log ============================

--- --- ---

Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by Wiebke at 2015-04-06 17:41:49

Running from C:\Users\Wiebke\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}

AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 5.0.0.5104 - Qihu 360 Software Co., Ltd.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{DA51A69D-5D86-8A3D-1A4E-CB7CA80BA803}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )

Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)

Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)

Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.167 - Realtek Semiconductor Corp.)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1519 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 8.0.0.1519 - CyberLink Corp.) Hidden

Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)

Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden

Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)

Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)

Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden

Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)

Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)

TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)

UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)

Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

19-03-2015 03:18:58 Windows Update

24-03-2015 22:03:05 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

02-04-2015 21:57:12 Geplanter Prüfpunkt

06-04-2015 14:36:11 Revo Uninstaller's restore point - Search Protect
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {0319D1CB-39C6-40A6-BC21-74B0C59BC6A5} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()

Task: {3C81A717-4150-42B9-8A1A-AA532ECAE2EA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-19] (Microsoft Corporation)

Task: {4D372C62-549E-4620-99EF-185E54E20A81} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

Task: {582C5EA8-8825-4B9E-9F9E-D80AD961A49C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {5FB63B42-D709-4B4F-9C7F-48CBA83A89F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

Task: {6143270F-143E-4C3B-8633-CE02763E0A1A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)

Task: {708F5BD3-85F3-4885-A66A-041B0173EE2B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {AE8F1010-5FC3-4C9A-AB4B-F9DBE42A69EB} - \avaavxvyex No Task File <==== ATTENTION

Task: {B25808A0-66E0-4690-901C-5E6A65FF7A5C} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()

Task: {E53E54D2-EF36-4F8F-9E3D-3556D52CF259} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)

Task: {EF04C3D4-252F-4FA7-B53D-235A55AEA360} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()

Task: {F5049331-DF33-4B63-A929-181C8A74B856} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2014-04-23 04:51 - 2014-04-23 04:51 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-04-23 04:52 - 2014-04-23 04:52 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2013-03-08 11:04 - 2012-07-12 14:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\Users\Wiebke\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Wiebke\SkyDrive (2).old:ms-properties

AlternateDataStreams: C:\Users\Wiebke\SkyDrive.old:ms-properties
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2638402565-1467238506-476182491-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Wiebke\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp

DNS Servers: 192.168.1.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2638402565-1467238506-476182491-500 - Administrator - Disabled) => C:\Users\Administrator

Gast (S-1-5-21-2638402565-1467238506-476182491-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2638402565-1467238506-476182491-1007 - Limited - Enabled)

Martin (S-1-5-21-2638402565-1467238506-476182491-1005 - Limited - Enabled) => C:\Users\Martin

Wiebke (S-1-5-21-2638402565-1467238506-476182491-1002 - Administrator - Enabled) => C:\Users\Wiebke
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Processor: AMD E1-1500 APU with Radeon(tm) HD Graphics

Percentage of memory in use: 70%

Total physical RAM: 1606.26 MB

Available physical RAM: 473.24 MB

Total Pagefile: 3270.26 MB

Available Pagefile: 1589.08 MB

Total Virtual: 131072 MB

Available Virtual: 131071.85 MB
 

==================== Drives ================================
 

Drive c: (Lil'MsIndependent) (Fixed) (Total:250.42 GB) (Free:206.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.84 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 298.1 GB) (Disk ID: D2AB5D67)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Liebste Grüße und einen schönen Ostermontag