| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Diverse Programme lassen sich nicht löschen (PCPerformer, Speedtest und mehr)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.05.2014, 18:52
| #1 |
 |  Diverse Programme lassen sich nicht löschen (PCPerformer, Speedtest und mehr) Hallo alle zusammen, meine Tante hat mir ihren Laptop vorbeigebracht mit der Aussage "der geht nicht mehr so richtig." Direkt nach dem hochfahren kam eine Popupfenster "4600 Fehler gefunden. Klicken Sie hier um die Fehler zu beheben." Als nächstes habe ich an die 15 Programme gefunden, die sich teilweise auch nicht mehr löschen lassen. Antivir war nicht installiert, das habe ich jetzt nachgeholt. Die Frage ist ob es nicht sogar sinnvoll wäre, den PC einfach einmal ganz neu aufzusetzen, statt zu versuchen alle Viren und Trojaner zu beheben. Hier aber einmal das logfile von Malwarebytes. Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/05/28 07:58:13 +0200</date>
<logfile>mbam-log-2014-05-28 (07-57-56).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.05.28.03</malware-database>
<rootkit-database>v2014.05.21.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8</osversion>
<arch>x64</arch>
<username>kerstin</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>293189</objects>
<time>938</time>
<processes>3</processes>
<modules>0</modules>
<keys>123</keys>
<values>5</values>
<datas>1</datas>
<folders>11</folders>
<files>179</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\ProgramData\InternetUpdater\InternetUpdaterService.exe</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>delete-on-reboot</action><pid>1992</pid><hash>f0d3ec6a7605b77f258c46fcbb464db3</hash></process>
<process><path>C:\Program Files\003\xmkysecqun64.exe</path><vendor>Adware.Adpeak</vendor><action>delete-on-reboot</action><pid>2120</pid><hash>576c1a3c5f1cdf578cceca7ff113e917</hash></process>
<process><path>C:\Program Files\003\xmkysecqun64.exe</path><vendor>PUP.Optional.AdPeak.A</vendor><action>delete-on-reboot</action><pid>2120</pid><hash>be0568ee225972c40c87791bd52d817f</hash></process>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\InternetUpdater</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>f0d3ec6a7605b77f258c46fcbb464db3</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun64</path><vendor>Adware.Adpeak</vendor><action>success</action><hash>576c1a3c5f1cdf578cceca7ff113e917</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}</path><vendor>PUP.Optional.WebSteroids.A</vendor><action>success</action><hash>2b980d4919623501bb06df51b15149b7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}</path><vendor>PUP.Optional.WebSteroids.A</vendor><action>success</action><hash>2b980d4919623501bb06df51b15149b7</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{F2F1AE7C-149B-46D3-9498-12572C7AFE11}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F2F1AE7C-149B-46D3-9498-12572C7AFE11}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.ScriptHostObject.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.ScriptHostObject</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.ScriptHostObject</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.ScriptHostObject.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>delete-on-reboot</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>delete-on-reboot</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.Tool.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.Tool</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.Tool</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.Tool.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}\INPROCSERVER32</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{C099CD7B-A94C-4229-B6F7-76D3494C88D8}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C099CD7B-A94C-4229-B6F7-76D3494C88D8}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{E150D1BB-AC3A-4E9A-B93F-983DFF23FF84}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E150D1BB-AC3A-4E9A-B93F-983DFF23FF84}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.Tool.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.Tool</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.Tool</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.Tool.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.ScriptHostObject.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.ScriptHostObject</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.ScriptHostObject</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C45EC9F0-8333-465D-9728-074BD41985C9}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C45EC9F0-8333-465D-9728-074BD41985C9}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.ScriptHostObject.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C45EC9F0-8333-465D-9728-074BD41985C9}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>delete-on-reboot</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C45EC9F0-8333-465D-9728-074BD41985C9}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>delete-on-reboot</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9}\INPROCSERVER32</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>33900c4a285386b0226d0e22af53936d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>33900c4a285386b0226d0e22af53936d</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}</path><vendor>PUP.Optional.MultiIE.A</vendor><action>delete-on-reboot</action><hash>05beb3a3116a68cef28382aabd4520e0</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}</path><vendor>PUP.Optional.MultiIE.A</vendor><action>delete-on-reboot</action><hash>05beb3a3116a68cef28382aabd4520e0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>3a89f561d5a653e387a669fcf60c6799</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>00c385d13b407fb7250995d0738f1de3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>15ae71e5fe7d0c2afbc7461e42c0f30d</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun64</path><vendor>PUP.Optional.AdPeak.A</vendor><action>success</action><hash>be0568ee225972c40c87791bd52d817f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InternetUpdater</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></key>
<key><path>HKLM\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>c00376e0c4b726100a1020899b6713ed</hash></key>
<key><path>HKLM\SOFTWARE\suprasavings</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>d7ec3b1ba0dbb2846e781188748e2ad6</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a61d82d41c5f8da9ebcc7631f80a5aa6</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>675c76e07ffcdb5b684ff2b518eaea16</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.Navbar</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>952e272f7dfe49edd2e5d1d6b949da26</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Free Games 111.Navbar.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>952eb2a4adcea88edcdb5f48d82a728e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>586b094d6a1188ae82dce9ea3bc814ec</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.BackgroundHostObject</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>23a0bc9a116a93a33089c8dfc83a28d8</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.BackgroundHostObject.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>3b880c4ac8b3a78f06b3634450b2d030</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.Navbar</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>ffc45cfaef8c47ef6851cdda60a29d63</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Speed Test 127.Navbar.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>6f54f85e017a89ad91283077ef1329d7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>fcc714422c4f0630e6340a9ff50dbb45</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.BackgroundHostObject</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>b60d59fdfa8183b3981faef97d854fb1</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.BackgroundHostObject.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>4e753620205b6dc937803a6d669c26da</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.Navbar</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>527185d14932290d8b2cd4d36f932dd3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.Navbar.1</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>0fb4193da3d842f406b14f587989bd43</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>ead9bf975823a294f96519ba9172669a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.BackgroundHostObject</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>368d58fec7b451e5dedb5453649e8878</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.BackgroundHostObject.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>c7fc16401a61979ffcbd951213ef14ec</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.Navbar</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>e8dbfa5cc2b96accb504fea9db27ac54</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Speed Test 127.Navbar.1</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>e8dbc19595e68fa763564c5b7d8529d7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>705330263a41221442e81aa5c43f19e7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SWEETIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>40834610f982ee48c757c4fb3fc4fa06</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>delete-on-reboot</action><hash>2d96f75f98e39a9cc4248712da2845bb</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT\PC Performer</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>delete-on-reboot</action><hash>576cd581f586b97d919a417e9e650bf5</hash></key>
<key><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>delete-on-reboot</action><hash>754ee2745724f73ff726982737cc916f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{08BB1B53-9220-44C1-B29B-7795C8E5965D}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{08BB1B53-9220-44C1-B29B-7795C8E5965D}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{FD58258C-84A6-4DEF-9793-019BE7F491A7}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FD58258C-84A6-4DEF-9793-019BE7F491A7}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{16F7ED3A-ECD8-46C7-8FD3-E4A8C79884D7}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{38D7B10F-7131-4677-ACE1-B8A071D29901}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{38D7B10F-7131-4677-ACE1-B8A071D29901}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{16F7ED3A-ECD8-46C7-8FD3-E4A8C79884D7}</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{3013E03D-89D5-4580-8560-DB198297CC29}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{045F91B3-695F-423A-98C7-8DE3C47AA020}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{045F91B3-695F-423A-98C7-8DE3C47AA020}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3013E03D-89D5-4580-8560-DB198297CC29}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{B69509B5-4A90-4433-A2DE-BE439F6581F2}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B69509B5-4A90-4433-A2DE-BE439F6581F2}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{53FDCCB0-2404-4274-9002-5A3A1FD40426}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{53FDCCB0-2404-4274-9002-5A3A1FD40426}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF}</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></key>
<value><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS</path><valuename>{84FF7BD6-B47F-46F8-9130-01B2696B36CB}</valuename><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><valuedata></valuedata><hash>15ae71e5fe7d0c2afbc7461e42c0f30d</hash></value>
<value><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}</path><valuename></valuename><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><valuedata></valuedata><hash>5f6479dd0c6fd95d853d8dd720e2ff01</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\SWEETIM</path><valuename>simapp_id</valuename><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><valuedata>1763663189423554559</valuedata><hash>40834610f982ee48c757c4fb3fc4fa06</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INTERNETUPDATER</path><valuename>ImagePath</valuename><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><valuedata>"C:\ProgramData\InternetUpdater\InternetUpdaterService.exe"</valuedata><hash>eed56cea7ffc360005cc55531fe334cc</hash></value>
<value><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><valuename>simapp_id</valuename><vendor>PUP.Optional.SweetIM.A</vendor><action>delete-on-reboot</action><valuedata>1763663189423554559</valuedata><hash>754ee2745724f73ff726982737cc916f</hash></value>
<data><path>HKU\S-1-5-21-2506654650-796066991-677667921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Conduit.A</vendor><action>delete-on-reboot</action><valuedata>hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP77B12B96-9349-43F0-8DCE-9D66842923C2&SSPV=</valuedata><baddata>hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP77B12B96-9349-43F0-8DCE-9D66842923C2&SSPV=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>11b2381e6813290d2d42163ad52f35cb</hash></data>
<folder><path>C:\ProgramData\InternetUpdater</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>delete-on-reboot</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></folder>
<folder><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></folder>
<folder><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\Partial Backups</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></folder>
<folder><path>C:\Program Files (x86)\PC Performer</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></folder>
<folder><path>C:\Users\kerstin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>cbf8e86e58236accc8f76a0de61c31cf</hash></folder>
<folder><path>C:\Program Files (x86)\IminentToolbar</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>ebd8e5715b20ba7c83591c5bc63cce32</hash></folder>
<folder><path>C:\Users\kerstin\AppData\Local\Temp\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>5f64d77f67141f17dc2213645ca641bf</hash></folder>
<folder><path>C:\Users\kerstin\AppData\Local\Temp\CT3317209</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>477c183ec9b2999d005cef897989e719</hash></folder>
<folder><path>C:\Users\kerstin\AppData\Roaming\IminentToolbar</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>1da6f75f4833999d1f8e91e828da2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\Free Games 111</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></folder>
<folder><path>C:\Program Files (x86)\Speed Test 127</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></folder>
<file><path>C:\ProgramData\InternetUpdater\InternetUpdaterService.exe</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>delete-on-reboot</action><hash>f0d3ec6a7605b77f258c46fcbb464db3</hash></file>
<file><path>C:\Program Files\003\xmkysecqun64.exe</path><vendor>Adware.Adpeak</vendor><action>delete-on-reboot</action><hash>576c1a3c5f1cdf578cceca7ff113e917</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\ScriptHost.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>a122470fb1ca6cca7117e74762a047b9</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\ScriptHost64.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\ScriptHost.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>a221c2941863a3938cd39896c141c63a</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe</path><vendor>PUP.Optional.GenericExt.A</vendor><action>success</action><hash>d2f1f363b6c5b680f83c043909f708f8</hash></file>
<file><path>C:\temp\InstallFilter64.msi</path><vendor>PUP.Optional.AdPeak.A</vendor><action>success</action><hash>b21188cee79449ed6e0463da9e627c84</hash></file>
<file><path>C:\temp\t.msi</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>17ac470f087389ade8269dab8a7a7c84</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\verifier.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>52712f27fa8136004073152d70902bd5</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\spstub.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>358eacaa314afe382627938a50b1f50b</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\GCVerifier.dll</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>6a590e48f38841f5971acd75768a3ec2</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\nsh7AEF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0fb404529edd0630f8290f1b05fcf709</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\nsk3615.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>774c0551cbb03ff7111096946b960cf4</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\nso32D8.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>5a69cf87b1ca82b4d64bb575f11009f7</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\nsd7E7A.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>b310173f96e5f046ce536dbd4db48d73</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\dlLogic.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>dde6292d285385b13e7450f29a666f91</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\n3304\Iminent_1712-b2fcad5e.exe</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>e9da90c67209f64004c7b39140c102fe</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\n3304\suprasavings_2703-e3e04064.exe</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>7350ff571f5cde5857e189a19d65a060</hash></file>
<file><path>C:\Windows\Temp\nsa13E5.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>ead9eb6b5b2058de1b06d05aeb16e61a</hash></file>
<file><path>C:\Windows\Temp\nsaD9F1.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>caf9fd59b6c5a78fa0810f1be41d29d7</hash></file>
<file><path>C:\Windows\Temp\nsbA377.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>aa19da7ce893c47223fed258b24f0000</hash></file>
<file><path>C:\Windows\Temp\nsbBA0A.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>d9ea1c3ad0ab24121f02a68410f14bb5</hash></file>
<file><path>C:\Windows\Temp\nsbC577.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>ac17e76f502bee4836eb35f590712dd3</hash></file>
<file><path>C:\Windows\Temp\nsn5A89.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0db6282e9ae179bdd84988a209f88f71</hash></file>
<file><path>C:\Windows\Temp\nsn8900.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>685b60f65526a98dd74a8f9bba47d12f</hash></file>
<file><path>C:\Windows\Temp\nsn8C61.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>f2d14d09601b86b08998ef3bbf4226da</hash></file>
<file><path>C:\Windows\Temp\nsnEAB7.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>c6fd3f17ec8f3600bb66ed3de819817f</hash></file>
<file><path>C:\Windows\Temp\nso8BBF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>992a1442e09bec4ae43d29010df444bc</hash></file>
<file><path>C:\Windows\Temp\nsp315F.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>b310b1a52c4f82b410115bcf7889f808</hash></file>
<file><path>C:\Windows\Temp\nsqA338.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>6d569fb7e596af87f72aaa80cc3546ba</hash></file>
<file><path>C:\Windows\Temp\nssB8CC.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>09bad185a8d32214e041c8629a679769</hash></file>
<file><path>C:\Windows\Temp\nst3FFF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>893aafa783f8eb4ba77a8c9eee13946c</hash></file>
<file><path>C:\Windows\Temp\nst5AA9.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>caf9d482bfbc072f45dc38f220e1a15f</hash></file>
<file><path>C:\Windows\Temp\nstB509.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e1e277df34479f97ab76f238669b6d93</hash></file>
<file><path>C:\Windows\Temp\nsu9AD.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>517299bdbbc069cdd34e0e1c0001f709</hash></file>
<file><path>C:\Windows\Temp\nsuA464.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a2215501d0ab74c270b1b87279886e92</hash></file>
<file><path>C:\Windows\Temp\nswF86F.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>7a490f47adce5bdb75ac7baff011b050</hash></file>
<file><path>C:\Windows\Temp\nsx519A.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0ab916400c6f87af54cd43e7f70aa65a</hash></file>
<file><path>C:\Windows\Temp\nsy21.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a51e6ceaec8fcc6aae73240660a1c13f</hash></file>
<file><path>C:\Windows\Temp\nsy8193.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>695a1d392d4ef541111079b1ce330000</hash></file>
<file><path>C:\Windows\Temp\nsy8CA0.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>388b3e18314acc6a7da461c9966bdc24</hash></file>
<file><path>C:\Windows\Temp\nsyEAA8.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>7d460e483744bc7afc2506245ba68a76</hash></file>
<file><path>C:\Windows\Temp\nszA3E7.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>d6ed431369127eb8ef32e24854ad11ef</hash></file>
<file><path>C:\Windows\Temp\nsi340B.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0ab97dd94536aa8c26fbe14955acd22e</hash></file>
<file><path>C:\Windows\Temp\nsj8EB4.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>546f1d39196270c6f82953d7ab56c040</hash></file>
<file><path>C:\Windows\Temp\nslC519.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>f2d15ff7097203335fc231f9c43d58a8</hash></file>
<file><path>C:\Windows\Temp\nsm31D8.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0fb4ca8ccface2542cf574b646bba45c</hash></file>
<file><path>C:\Windows\Temp\nsmB8AC.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>41825ff71d5ebd7931f0f23841c0b848</hash></file>
<file><path>C:\Windows\Temp\nsmDE75.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>982bc78f4833c17580a133f703fe4db3</hash></file>
<file><path>C:\Windows\Temp\nsc2783.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>af14d97d1467092d5cc5f832b24f718f</hash></file>
<file><path>C:\Windows\Temp\nsc6661.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0bb81640037852e49889d852fc0529d7</hash></file>
<file><path>C:\Windows\Temp\nse40DA.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>9c27fe58b9c239fdb36ef83226db3ac6</hash></file>
<file><path>C:\Windows\Temp\nseBD22.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>d9ea480e58239e983de4e94159a89070</hash></file>
<file><path>C:\Windows\Temp\nsf5E00.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>7350084ee59643f331f0fa3044bd9868</hash></file>
<file><path>C:\Windows\Temp\nsfF5A0.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>358e1e383d3ef5411110c961738e8f71</hash></file>
<file><path>C:\Users\kerstin\Downloads\Adobe Reader.exe</path><vendor>PUP.Optional.Firseria</vendor><action>success</action><hash>883b4412077470c67f5f255b3dc45da3</hash></file>
<file><path>C:\Users\kerstin\Downloads\Allin1Convert.exe</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>1ba8b3a30774d363b74eb87337cd1be5</hash></file>
<file><path>C:\Users\kerstin\Downloads\FreePDFReaderSetup.exe</path><vendor>PUP.Optional.InstallBrain.A</vendor><action>success</action><hash>8142be98d1aa9a9cdf9d8be33dc46799</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>853e93c3403b0b2b8eb4c8c77e84e020</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>962d80d674076bcb79c95639e220f907</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>dce74d0922599f97ee3fd9b730d2af51</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>b80bef67fe7d7cbaee3f504026dc6b95</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>13b0e27491ea70c6838d3a577e84fb05</hash></file>
<file><path>C:\Program Files\003\xmkysecqun64.exe</path><vendor>PUP.Optional.AdPeak.A</vendor><action>delete-on-reboot</action><hash>be0568ee225972c40c87791bd52d817f</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>e2e141152457e056a0c155458e747c84</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage-journal</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>d7ec0d4996e5f54189d8bbdf7b87b44c</hash></file>
<file><path>C:\Windows\System32\roboot64.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>d4ef5cfa34473ef842cb822037cb0ef2</hash></file>
<file><path>C:\ProgramData\InternetUpdater\InternetUpdater.ico</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file>
<file><path>C:\ProgramData\InternetUpdater\app.dat</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file>
<file><path>C:\ProgramData\InternetUpdater\data.dat</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file>
<file><path>C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file>
<file><path>C:\ProgramData\InternetUpdater\Uninstall.exe</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\rcpupdate.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\ExcludeList.rcp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\German_rcp.dat</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\log_05-26-2014.log</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\log_05-27-2014.log</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\results.rcp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\TempHLList.rcp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\Partial Backups\00000001.rmx</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\Partial Backups\00000001.rxb</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\xmllite.dll</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Italian_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Chinese_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\CleanSchedule.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Danish_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Dutch_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\eng_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Finnish_rcp_fi.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\French_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\German_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\greek_rcp_el.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\install_left_image.bmp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\isxdl.dll</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Japanese_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\korean_rcp_ko.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Norwegian_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\PCPerformer.dll</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\PCPerformer.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\polish_rcp_pl.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\portugese_rcp_pt.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Portuguese_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\russian_rcp_ru.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Spanish_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\Swedish_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\TraditionalCn_rcp_zh-tw.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\turkish_rcp_tr.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\unins000.dat</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\unins000.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Program Files (x86)\PC Performer\unins000.msg</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file>
<file><path>C:\Windows\Tasks\PC Performer_DEFAULT.job</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>4083282eb9c2ce6857f2902ca360e41c</hash></file>
<file><path>C:\Windows\Tasks\PC Performer_UPDATES.job</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6c57f5615c1f43f37eb4249a60a39c64</hash></file>
<file><path>C:\Users\kerstin\AppData\Local\Temp\CT3317209\ddt.csf</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>477c183ec9b2999d005cef897989e719</hash></file>
<file><path>C:\Users\kerstin\AppData\Roaming\IminentToolbar\sqlite3.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>1da6f75f4833999d1f8e91e828da2bd5</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\DeskTopIcon.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\AddonsFramework.Typelib.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\AddonsFramework.Typelib64.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\background.html</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\BackgroundHost.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\BackgroundHost64.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\button.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\ButtonSite.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\ButtonSite64.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\config.xml</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\content.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon128.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon128.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon16.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon16.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon18.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon18.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon24.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon24.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon32.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon32.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon48.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\icon48.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\jquery-1.9.1.min.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\json2.min.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\options.htm</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\rjs.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\uninst.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\uninstall.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\updater.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Free Games 111\updaterWrapper.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\DeskTopIcon.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib64.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\background.html</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\BackgroundHost.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\BackgroundHost64.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\button.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\ButtonSite.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\ButtonSite64.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\config.xml</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\content.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon128.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon128.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon16.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon16.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon18.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon18.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon24.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon24.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon32.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon32.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon48.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon48.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon64.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\icon64.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\jquery-1.9.1.min.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\json2.min.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\options.htm</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\rjs.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\uninst.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\uninstall.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\updater.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
<file><path>C:\Program Files (x86)\Speed Test 127\updaterWrapper.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file>
</items>
</mbam-log>
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by kerstin (administrator) on VAIO on 28-05-2014 08:29:47 Running from C:\Users\kerstin\Downloads Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-10-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {7b6b7b5f-94bd-11e2-be73-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {7b6b7cc4-94bd-11e2-be73-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e72f-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e7d9-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e862-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {dabeb57d-c706-11e3-be96-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {dabeb5aa-c706-11e3-be96-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP77B12B96-9349-43F0-8DCE-9D66842923C2&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP77B12B96-9349-43F0-8DCE-9D66842923C2&q={searchTerms}&SSPV= SearchScopes: HKCU - {356F967B-C0DB-413A-9722-2161E8C8B573} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} SearchScopes: HKCU - {EF4931A1-F27D-4C98-80B4-EA0E228736DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\sycvpt0y.default FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\sycvpt0y.default\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-09] FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-05-26] FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-05-26] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-25] CHR Extension: (Google Drive) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-25] CHR Extension: (No Name) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglgepiolghndacjbjadadjnkgfgehcd [2014-02-12] CHR Extension: (YouTube) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-25] CHR Extension: (Google Search) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-25] CHR Extension: (QueeniCoupoon) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecfmlfgikjdagjikheaahnghjpajaljn [2014-05-24] CHR Extension: (weebsaver) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfhabhpnkdiiiogbocaoiimogaadgmn [2014-01-27] CHR Extension: (TicTaCoUpon) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\moieabkfabdhfjlnalkfhdfekmmldnij [2014-03-18] CHR Extension: (Google Wallet) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (sAveoRon) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\phcpimhcgagmbgbefciohdhljehmnalp [2014-02-15] CHR Extension: (Gmail) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-25] CHR Extension: (SaverProo) - C:\ProgramData\mchnfhjfmbklegkoglcpmfeopeffbfao [2014-01-27] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-04-18] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-15] (McAfee, Inc.) S3 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2782392 2013-12-31] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-15] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-10-22] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros) R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-04-17] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-15] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-15] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-15] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-15] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-15] (McAfee, Inc.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated) R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys [61112 2014-05-22] (StdLib) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-28 08:29 - 2014-05-28 08:30 - 00021163 _____ () C:\Users\kerstin\Downloads\FRST.txt 2014-05-28 08:29 - 2014-05-28 08:29 - 02066944 _____ (Farbar) C:\Users\kerstin\Downloads\FRST64.exe 2014-05-28 08:29 - 2014-05-28 08:29 - 00000000 ____D () C:\FRST 2014-05-28 08:28 - 2014-05-28 08:28 - 00000476 _____ () C:\Users\kerstin\Downloads\defogger_disable.log 2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 _____ () C:\Users\kerstin\defogger_reenable 2014-05-28 08:27 - 2014-05-28 08:27 - 00050477 _____ () C:\Users\kerstin\Downloads\Defogger.exe 2014-05-28 07:57 - 2014-05-28 08:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 07:57 - 2014-05-28 07:57 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 07:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-28 07:57 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-28 07:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 07:56 - 2014-05-28 07:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kerstin\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-28 07:31 - 2014-05-28 07:31 - 03673664 _____ (Piriform Ltd) C:\Users\kerstin\Downloads\ccsetup414_slim.exe 2014-05-28 07:31 - 2014-05-28 07:31 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-28 07:31 - 2014-05-28 07:31 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-27 18:10 - 2014-05-27 18:10 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00000000 ____D () C:\Users\kerstin\AppData\Local\Mozilla 2014-05-27 18:08 - 2014-05-27 18:08 - 00283144 _____ (Mozilla) C:\Users\kerstin\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-27 17:40 - 2014-05-27 17:40 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\Avira 2014-05-27 17:39 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-27 17:39 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-27 17:39 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-05-27 17:36 - 2014-05-27 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-27 17:36 - 2014-05-27 17:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-27 17:36 - 2014-05-27 17:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-05-27 17:35 - 2014-05-27 17:39 - 00000000 ____D () C:\ProgramData\Avira 2014-05-27 17:35 - 2014-05-27 17:35 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\kerstin\Downloads\avira_de_av_4000461663__ws.exe 2014-05-27 17:35 - 2014-05-27 17:35 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-27 17:32 - 2014-05-27 17:32 - 00003402 _____ () C:\Windows\System32\Tasks\{CC799F03-888A-48DF-B208-788F6A14DAE5} 2014-05-27 17:27 - 2014-05-27 17:27 - 00000000 ____D () C:\Program Files (x86)\DaoocSCoonvoErtteer 2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Program Files (x86)\KiangCiouupoN 2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ____D () C:\Program Files (x86)\CluiCkForSale 2014-05-26 16:47 - 2014-05-26 21:59 - 00001089 _____ () C:\Users\kerstin\Desktop\Continue VuuPC Installation.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-05-26 16:37 - 2014-05-28 07:35 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\Systweak 2014-05-26 16:37 - 2014-05-27 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-26 16:36 - 2014-05-28 08:19 - 00000000 ____D () C:\Program Files\003 2014-05-26 11:26 - 2014-05-26 11:26 - 00279584 _____ () C:\Windows\Minidump\052614-64640-01.dmp 2014-05-26 11:24 - 2014-05-26 11:24 - 00000000 __SHD () C:\found.002 2014-05-26 08:47 - 2014-05-27 17:54 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer 2014-05-26 08:46 - 2014-05-28 08:17 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\PerformerSoft 2014-05-26 08:46 - 2014-05-26 08:46 - 00001050 _____ () C:\Users\Public\Desktop\PC Performer.lnk 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\FreePDFReader 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer 2014-05-26 08:45 - 2014-05-26 08:46 - 00000000 ____D () C:\Program Files (x86)\FreePDFReader 2014-05-25 18:54 - 2014-05-22 18:19 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys 2014-05-24 14:16 - 2014-05-01 22:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-24 14:16 - 2014-05-01 22:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-23 23:59 - 2014-05-27 17:21 - 00000000 ____D () C:\ProgramData\CluiCkForSale 2014-05-20 08:37 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-05-20 08:37 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-05-20 08:37 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-05-19 14:26 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-19 14:26 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-19 14:26 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-19 14:26 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-19 14:25 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-19 14:25 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-19 14:25 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-19 14:25 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-19 14:25 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-19 14:25 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-19 14:25 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-19 14:25 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-19 14:25 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2014-05-19 14:25 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-05-19 14:25 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-19 14:25 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-19 14:25 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll 2014-05-19 14:25 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-19 14:25 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-19 14:25 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-19 14:25 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-19 14:25 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll 2014-05-19 14:25 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-19 14:25 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-19 14:25 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-19 14:25 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-19 14:25 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-19 14:25 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-19 14:25 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-19 14:25 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-19 14:25 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-19 14:25 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-05-19 14:25 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-05-19 14:25 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll 2014-05-19 14:25 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll 2014-05-19 14:25 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-05-19 14:25 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-05-19 14:25 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-05-19 14:25 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-05-19 14:25 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-05-19 14:25 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys 2014-05-06 12:07 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-05-06 12:07 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-05-06 12:07 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-06 12:07 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-05-06 12:07 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-04 19:16 - 2014-05-27 14:34 - 00000463 _____ () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2014-05-03 03:02 - 2014-05-03 03:02 - 00041652 _____ () C:\Windows\system32\s000000.dat 2014-05-03 02:59 - 2014-05-03 02:59 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt 2014-05-03 02:59 - 2014-05-03 02:59 - 00000000 _____ () C:\Windows\system32\sstates.sdt ==================== One Month Modified Files and Folders ======= 2014-05-28 08:30 - 2014-05-28 08:29 - 00021163 _____ () C:\Users\kerstin\Downloads\FRST.txt 2014-05-28 08:29 - 2014-05-28 08:29 - 02066944 _____ (Farbar) C:\Users\kerstin\Downloads\FRST64.exe 2014-05-28 08:29 - 2014-05-28 08:29 - 00000000 ____D () C:\FRST 2014-05-28 08:28 - 2014-05-28 08:28 - 00000476 _____ () C:\Users\kerstin\Downloads\defogger_disable.log 2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 _____ () C:\Users\kerstin\defogger_reenable 2014-05-28 08:28 - 2013-07-07 08:58 - 00000000 ____D () C:\Users\kerstin 2014-05-28 08:27 - 2014-05-28 08:27 - 00050477 _____ () C:\Users\kerstin\Downloads\Defogger.exe 2014-05-28 08:27 - 2013-07-07 09:42 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2506654650-796066991-677667921-1001 2014-05-28 08:24 - 2013-01-09 02:00 - 01288823 _____ () C:\Windows\WindowsUpdate.log 2014-05-28 08:21 - 2014-05-28 07:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 08:21 - 2013-07-25 15:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-28 08:21 - 2013-01-09 02:30 - 00000000 ____D () C:\ProgramData\MOCP 2014-05-28 08:19 - 2014-05-26 16:36 - 00000000 ____D () C:\Program Files\003 2014-05-28 08:19 - 2014-04-18 16:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-05-28 08:19 - 2012-08-03 04:22 - 00149486 _____ () C:\Windows\PFRO.log 2014-05-28 08:19 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 08:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-05-28 08:17 - 2014-05-26 08:46 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\PerformerSoft 2014-05-28 08:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\tracing 2014-05-28 08:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-05-28 07:57 - 2014-05-28 07:57 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 07:56 - 2014-05-28 07:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kerstin\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-28 07:54 - 2013-07-25 15:39 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-28 07:35 - 2014-05-26 16:37 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\Systweak 2014-05-28 07:31 - 2014-05-28 07:31 - 03673664 _____ (Piriform Ltd) C:\Users\kerstin\Downloads\ccsetup414_slim.exe 2014-05-28 07:31 - 2014-05-28 07:31 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-28 07:31 - 2014-05-28 07:31 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-28 07:22 - 2013-07-07 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-28 07:17 - 2014-01-27 21:37 - 00000000 ____D () C:\ProgramData\weebsaver 2014-05-27 20:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-05-27 18:33 - 2014-02-15 22:48 - 00000000 ____D () C:\ProgramData\sAveoRon 2014-05-27 18:20 - 2014-01-27 21:37 - 00000000 ____D () C:\ProgramData\SaverProo 2014-05-27 18:10 - 2014-05-27 18:10 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00000000 ____D () C:\Users\kerstin\AppData\Local\Mozilla 2014-05-27 18:10 - 2014-05-26 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-27 18:10 - 2014-03-27 09:46 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C9F0AAB-17A9-4111-A221-1345BA5E1119} 2014-05-27 18:08 - 2014-05-27 18:08 - 00283144 _____ (Mozilla) C:\Users\kerstin\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-27 18:07 - 2012-07-26 07:26 - 00000226 _____ () C:\Windows\win.ini 2014-05-27 17:54 - 2014-05-26 08:47 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer 2014-05-27 17:50 - 2013-07-07 09:35 - 00000000 ___RD () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-27 17:44 - 2014-03-18 19:17 - 00000000 ____D () C:\ProgramData\KiangCiouupoN 2014-05-27 17:44 - 2014-02-03 20:34 - 00000000 ____D () C:\ProgramData\DaoocSCoonvoErtteer 2014-05-27 17:40 - 2014-05-27 17:40 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\Avira 2014-05-27 17:39 - 2014-05-27 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-27 17:39 - 2014-05-27 17:36 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-27 17:39 - 2014-05-27 17:35 - 00000000 ____D () C:\ProgramData\Avira 2014-05-27 17:36 - 2014-05-27 17:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-05-27 17:35 - 2014-05-27 17:35 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\kerstin\Downloads\avira_de_av_4000461663__ws.exe 2014-05-27 17:35 - 2014-05-27 17:35 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-27 17:32 - 2014-05-27 17:32 - 00003402 _____ () C:\Windows\System32\Tasks\{CC799F03-888A-48DF-B208-788F6A14DAE5} 2014-05-27 17:31 - 2013-07-30 11:03 - 00000000 ____D () C:\Users\kerstin\AppData\Local\CrashDumps 2014-05-27 17:30 - 2013-01-09 01:36 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-05-27 17:30 - 2013-01-09 01:36 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-05-27 17:30 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-27 17:27 - 2014-05-27 17:27 - 00000000 ____D () C:\Program Files (x86)\DaoocSCoonvoErtteer 2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Program Files (x86)\KiangCiouupoN 2014-05-27 17:26 - 2014-01-27 21:37 - 00000000 ____D () C:\ProgramData\a130b489b9c6817 2014-05-27 17:21 - 2014-05-23 23:59 - 00000000 ____D () C:\ProgramData\CluiCkForSale 2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ____D () C:\Program Files (x86)\CluiCkForSale 2014-05-27 14:34 - 2014-05-04 19:16 - 00000463 _____ () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2014-05-27 11:46 - 2013-06-06 19:02 - 00014336 ___SH () C:\Users\kerstin\Downloads\Thumbs.db 2014-05-26 21:59 - 2014-05-26 16:47 - 00001089 _____ () C:\Users\kerstin\Desktop\Continue VuuPC Installation.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-05-26 16:43 - 2013-01-09 02:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-26 16:43 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-05-26 16:42 - 2013-01-09 02:26 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-26 16:36 - 2013-07-07 12:53 - 00000000 ____D () C:\Users\kerstin\AppData\Local\Adobe 2014-05-26 11:26 - 2014-05-26 11:26 - 00279584 _____ () C:\Windows\Minidump\052614-64640-01.dmp 2014-05-26 11:26 - 2013-09-24 20:32 - 00000000 ____D () C:\Windows\Minidump 2014-05-26 11:26 - 2013-09-18 13:30 - 511906660 _____ () C:\Windows\MEMORY.DMP 2014-05-26 11:24 - 2014-05-26 11:24 - 00000000 __SHD () C:\found.002 2014-05-26 08:46 - 2014-05-26 08:46 - 00001050 _____ () C:\Users\Public\Desktop\PC Performer.lnk 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\FreePDFReader 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer 2014-05-26 08:46 - 2014-05-26 08:45 - 00000000 ____D () C:\Program Files (x86)\FreePDFReader 2014-05-25 18:48 - 2013-07-02 16:35 - 00000000 ____D () C:\claudia 2014-05-25 18:28 - 2013-06-30 08:28 - 00000000 ____D () C:\urlaub 2014-05-25 18:23 - 2013-05-20 12:01 - 00000000 ____D () C:\skiurlaub1 2014-05-25 18:08 - 2013-05-15 16:55 - 00000000 ____D () C:\skiurlaub 2014-05-24 16:22 - 2013-01-09 02:03 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-05-24 14:17 - 2013-07-07 09:35 - 00000000 ___RD () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-23 14:24 - 2013-08-18 20:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-23 14:23 - 2013-07-08 17:26 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-22 18:19 - 2014-05-25 18:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys 2014-05-21 02:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-05-12 07:26 - 2014-05-28 07:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-28 07:57 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-28 07:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-09 11:16 - 2014-05-27 17:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-09 11:16 - 2014-05-27 17:39 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-09 11:16 - 2014-05-27 17:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-05-06 07:14 - 2014-05-19 14:25 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:14 - 2014-05-19 14:25 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:48 - 2014-05-19 14:25 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:48 - 2014-05-19 14:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-06 05:37 - 2014-05-19 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:26 - 2014-05-19 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-03 03:02 - 2014-05-03 03:02 - 00041652 _____ () C:\Windows\system32\s000000.dat 2014-05-03 02:59 - 2014-05-03 02:59 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt 2014-05-03 02:59 - 2014-05-03 02:59 - 00000000 _____ () C:\Windows\system32\sstates.sdt 2014-05-01 22:37 - 2014-05-24 14:16 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-01 22:37 - 2014-05-24 14:16 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\kerstin\AppData\Local\Temp\avgnt.exe C:\Users\kerstin\AppData\Local\Temp\BackupSetup.exe C:\Users\kerstin\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe C:\Users\kerstin\AppData\Local\Temp\mfc80.dll C:\Users\kerstin\AppData\Local\Temp\mfc80u.dll C:\Users\kerstin\AppData\Local\Temp\mfcm80.dll C:\Users\kerstin\AppData\Local\Temp\mfcm80u.dll C:\Users\kerstin\AppData\Local\Temp\msvcm80.dll C:\Users\kerstin\AppData\Local\Temp\msvcp80.dll C:\Users\kerstin\AppData\Local\Temp\msvcr80.dll C:\Users\kerstin\AppData\Local\Temp\nshDA29.exe C:\Users\kerstin\AppData\Local\Temp\nsjDE22.exe C:\Users\kerstin\AppData\Local\Temp\nsoB95F.exe C:\Users\kerstin\AppData\Local\Temp\nsqB056.exe C:\Users\kerstin\AppData\Local\Temp\nsr9BA5.exe C:\Users\kerstin\AppData\Local\Temp\OSU.exe C:\Users\kerstin\AppData\Local\Temp\SPSetup.exe C:\Users\kerstin\AppData\Local\Temp\Uninstaller.exe C:\Users\kerstin\AppData\Local\Temp\vcredist_x64.exe C:\Users\kerstin\AppData\Local\Temp\VersionUpdater.exe C:\Users\kerstin\AppData\Local\Temp\WtgDriverInstallX.dll C:\Users\kerstin\AppData\Local\Temp\WTGXMLUtil.dll C:\Users\kerstin\AppData\Local\Temp\WtgZip.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-19 14:25] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-28 03:00 ==================== End Of Log ============================ Liebe Grüße Joolez |
Baum-Darstellung