Pests of all kinds and how to fight them: Various programs cannot be deleted (PCPerformer, Speedtest and more) Windows 7
30.05.2014, 18:52 | #1 |
Various programs cannot be deleted (PCPerformer, Speedtest and more)

Hello everyone, my aunt brought me her laptop, saying "it doesn't really work properly anymore." Right after booting, a pop-up window appeared: "4600 errors found. Click here to fix the errors." Next I found around 15 programs, some of which can no longer be deleted. Antivir was not installed; I have now taken care of that. The question is whether it would not actually make more sense to simply set the PC up again from scratch instead of trying to fix all the viruses and trojans. But here, for a start, is the log file from Malwarebytes.
<file><path>C:\Windows\Temp\nsbBA0A.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>d9ea1c3ad0ab24121f02a68410f14bb5</hash></file> <file><path>C:\Windows\Temp\nsbC577.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>ac17e76f502bee4836eb35f590712dd3</hash></file> <file><path>C:\Windows\Temp\nsn5A89.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0db6282e9ae179bdd84988a209f88f71</hash></file> <file><path>C:\Windows\Temp\nsn8900.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>685b60f65526a98dd74a8f9bba47d12f</hash></file> <file><path>C:\Windows\Temp\nsn8C61.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>f2d14d09601b86b08998ef3bbf4226da</hash></file> <file><path>C:\Windows\Temp\nsnEAB7.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>c6fd3f17ec8f3600bb66ed3de819817f</hash></file> <file><path>C:\Windows\Temp\nso8BBF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>992a1442e09bec4ae43d29010df444bc</hash></file> <file><path>C:\Windows\Temp\nsp315F.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>b310b1a52c4f82b410115bcf7889f808</hash></file> <file><path>C:\Windows\Temp\nsqA338.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>6d569fb7e596af87f72aaa80cc3546ba</hash></file> <file><path>C:\Windows\Temp\nssB8CC.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>09bad185a8d32214e041c8629a679769</hash></file> <file><path>C:\Windows\Temp\nst3FFF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>893aafa783f8eb4ba77a8c9eee13946c</hash></file> 
<file><path>C:\Windows\Temp\nst5AA9.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>caf9d482bfbc072f45dc38f220e1a15f</hash></file> <file><path>C:\Windows\Temp\nstB509.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e1e277df34479f97ab76f238669b6d93</hash></file> <file><path>C:\Windows\Temp\nsu9AD.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>517299bdbbc069cdd34e0e1c0001f709</hash></file> <file><path>C:\Windows\Temp\nsuA464.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a2215501d0ab74c270b1b87279886e92</hash></file> <file><path>C:\Windows\Temp\nswF86F.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>7a490f47adce5bdb75ac7baff011b050</hash></file> <file><path>C:\Windows\Temp\nsx519A.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0ab916400c6f87af54cd43e7f70aa65a</hash></file> <file><path>C:\Windows\Temp\nsy21.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a51e6ceaec8fcc6aae73240660a1c13f</hash></file> <file><path>C:\Windows\Temp\nsy8193.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>695a1d392d4ef541111079b1ce330000</hash></file> <file><path>C:\Windows\Temp\nsy8CA0.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>388b3e18314acc6a7da461c9966bdc24</hash></file> <file><path>C:\Windows\Temp\nsyEAA8.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>7d460e483744bc7afc2506245ba68a76</hash></file> <file><path>C:\Windows\Temp\nszA3E7.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>d6ed431369127eb8ef32e24854ad11ef</hash></file> 
<file><path>C:\Windows\Temp\nsi340B.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0ab97dd94536aa8c26fbe14955acd22e</hash></file> <file><path>C:\Windows\Temp\nsj8EB4.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>546f1d39196270c6f82953d7ab56c040</hash></file> <file><path>C:\Windows\Temp\nslC519.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>f2d15ff7097203335fc231f9c43d58a8</hash></file> <file><path>C:\Windows\Temp\nsm31D8.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0fb4ca8ccface2542cf574b646bba45c</hash></file> <file><path>C:\Windows\Temp\nsmB8AC.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>41825ff71d5ebd7931f0f23841c0b848</hash></file> <file><path>C:\Windows\Temp\nsmDE75.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>982bc78f4833c17580a133f703fe4db3</hash></file> <file><path>C:\Windows\Temp\nsc2783.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>af14d97d1467092d5cc5f832b24f718f</hash></file> <file><path>C:\Windows\Temp\nsc6661.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0bb81640037852e49889d852fc0529d7</hash></file> <file><path>C:\Windows\Temp\nse40DA.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>9c27fe58b9c239fdb36ef83226db3ac6</hash></file> <file><path>C:\Windows\Temp\nseBD22.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>d9ea480e58239e983de4e94159a89070</hash></file> <file><path>C:\Windows\Temp\nsf5E00.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>7350084ee59643f331f0fa3044bd9868</hash></file> 
<file><path>C:\Windows\Temp\nsfF5A0.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>358e1e383d3ef5411110c961738e8f71</hash></file> <file><path>C:\Users\kerstin\Downloads\Adobe Reader.exe</path><vendor>PUP.Optional.Firseria</vendor><action>success</action><hash>883b4412077470c67f5f255b3dc45da3</hash></file> <file><path>C:\Users\kerstin\Downloads\Allin1Convert.exe</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>1ba8b3a30774d363b74eb87337cd1be5</hash></file> <file><path>C:\Users\kerstin\Downloads\FreePDFReaderSetup.exe</path><vendor>PUP.Optional.InstallBrain.A</vendor><action>success</action><hash>8142be98d1aa9a9cdf9d8be33dc46799</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>853e93c3403b0b2b8eb4c8c77e84e020</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>962d80d674076bcb79c95639e220f907</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>dce74d0922599f97ee3fd9b730d2af51</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>b80bef67fe7d7cbaee3f504026dc6b95</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>13b0e27491ea70c6838d3a577e84fb05</hash></file> <file><path>C:\Program Files\003\xmkysecqun64.exe</path><vendor>PUP.Optional.AdPeak.A</vendor><action>delete-on-reboot</action><hash>be0568ee225972c40c87791bd52d817f</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>e2e141152457e056a0c155458e747c84</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage-journal</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>d7ec0d4996e5f54189d8bbdf7b87b44c</hash></file> <file><path>C:\Windows\System32\roboot64.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>d4ef5cfa34473ef842cb822037cb0ef2</hash></file> <file><path>C:\ProgramData\InternetUpdater\InternetUpdater.ico</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file> <file><path>C:\ProgramData\InternetUpdater\app.dat</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file> <file><path>C:\ProgramData\InternetUpdater\data.dat</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file> <file><path>C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file> 
<file><path>C:\ProgramData\InternetUpdater\Uninstall.exe</path><vendor>PUP.Optional.InternetUpdater.A</vendor><action>success</action><hash>1ba874e2403bcf67913f8d1b3bc76d93</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\rcpupdate.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\ExcludeList.rcp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\German_rcp.dat</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\log_05-26-2014.log</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\log_05-27-2014.log</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\results.rcp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\TempHLList.rcp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\Partial Backups\00000001.rmx</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\PerformerSoft\PC Performer\Partial 
Backups\00000001.rxb</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>695a4d09b3c8340294b26d4f9d66b14f</hash></file> <file><path>C:\Program Files (x86)\PC Performer\xmllite.dll</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Italian_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Chinese_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\CleanSchedule.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Danish_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Dutch_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\eng_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Finnish_rcp_fi.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\French_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC 
Performer\German_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\greek_rcp_el.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\install_left_image.bmp</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\isxdl.dll</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Japanese_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\korean_rcp_ko.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Norwegian_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\PCPerformer.dll</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\PCPerformer.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\polish_rcp_pl.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC 
Performer\portugese_rcp_pt.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Portuguese_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\russian_rcp_ru.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Spanish_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\Swedish_rcp.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\TraditionalCn_rcp_zh-tw.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\turkish_rcp_tr.ini</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\unins000.dat</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\unins000.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Program Files (x86)\PC Performer\unins000.msg</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6e55bc9af4875adc0e39f7c51ae9dc24</hash></file> <file><path>C:\Windows\Tasks\PC 
Performer_DEFAULT.job</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>4083282eb9c2ce6857f2902ca360e41c</hash></file> <file><path>C:\Windows\Tasks\PC Performer_UPDATES.job</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>6c57f5615c1f43f37eb4249a60a39c64</hash></file> <file><path>C:\Users\kerstin\AppData\Local\Temp\CT3317209\ddt.csf</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>477c183ec9b2999d005cef897989e719</hash></file> <file><path>C:\Users\kerstin\AppData\Roaming\IminentToolbar\sqlite3.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>1da6f75f4833999d1f8e91e828da2bd5</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\DeskTopIcon.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\AddonsFramework.Typelib.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\AddonsFramework.Typelib64.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\background.html</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\BackgroundHost.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\BackgroundHost64.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 
111\button.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\ButtonSite.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\ButtonSite64.dll</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\config.xml</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\content.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon128.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon128.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon16.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon16.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon18.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon18.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> 
<file><path>C:\Program Files (x86)\Free Games 111\icon24.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon24.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon32.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon32.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon48.ico</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\icon48.png</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\jquery-1.9.1.min.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\json2.min.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\options.htm</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\rjs.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 
111\uninst.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\uninstall.exe</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\updater.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Free Games 111\updaterWrapper.js</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>9b28a7afaad1a69054a14e2ba55d966a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\DeskTopIcon.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib64.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\background.html</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\BackgroundHost.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\BackgroundHost64.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 
127\button.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\ButtonSite.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\ButtonSite64.dll</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\config.xml</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\content.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon128.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon128.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon16.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon16.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon18.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon18.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> 
<file><path>C:\Program Files (x86)\Speed Test 127\icon24.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon24.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon32.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon32.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon48.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon48.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon64.ico</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\icon64.png</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\jquery-1.9.1.min.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\json2.min.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 
127\options.htm</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\rjs.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\uninst.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\uninstall.exe</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\updater.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> <file><path>C:\Program Files (x86)\Speed Test 127\updaterWrapper.js</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>348fca8c8cef5fd7b3430c6db052e61a</hash></file> </items> </mbam-log> Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by kerstin (administrator) on VAIO on 28-05-2014 08:29:47 Running from C:\Users\kerstin\Downloads Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) 
C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-10-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {7b6b7b5f-94bd-11e2-be73-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {7b6b7cc4-94bd-11e2-be73-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e72f-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e7d9-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e862-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {dabeb57d-c706-11e3-be96-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {dabeb5aa-c706-11e3-be96-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP77B12B96-9349-43F0-8DCE-9D66842923C2&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP77B12B96-9349-43F0-8DCE-9D66842923C2&q={searchTerms}&SSPV= SearchScopes: HKCU - {356F967B-C0DB-413A-9722-2161E8C8B573} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} SearchScopes: HKCU - {EF4931A1-F27D-4C98-80B4-EA0E228736DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Filter: application/x-mfe-ipt - 
{3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\sycvpt0y.default FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\sycvpt0y.default\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-09] FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-05-26] FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\kerstin\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-05-26] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-25] CHR Extension: (Google Drive) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-25] CHR Extension: (No Name) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglgepiolghndacjbjadadjnkgfgehcd [2014-02-12] CHR Extension: (YouTube) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-25] CHR Extension: (Google Search) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-25] CHR Extension: (QueeniCoupoon) - 
C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecfmlfgikjdagjikheaahnghjpajaljn [2014-05-24] CHR Extension: (weebsaver) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfhabhpnkdiiiogbocaoiimogaadgmn [2014-01-27] CHR Extension: (TicTaCoUpon) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\moieabkfabdhfjlnalkfhdfekmmldnij [2014-03-18] CHR Extension: (Google Wallet) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (sAveoRon) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\phcpimhcgagmbgbefciohdhljehmnalp [2014-02-15] CHR Extension: (Gmail) - C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-25] CHR Extension: (SaverProo) - C:\ProgramData\mchnfhjfmbklegkoglcpmfeopeffbfao [2014-01-27] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-04-18] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. 
KG) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-15] (McAfee, Inc.) S3 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2782392 2013-12-31] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-15] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-10-22] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros) R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-04-17] (Huawei Technologies Co., Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-15] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-15] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-15] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-15] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-15] (McAfee, Inc.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated) R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys [61112 2014-05-22] (StdLib) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-28 08:29 - 2014-05-28 08:30 - 00021163 _____ () C:\Users\kerstin\Downloads\FRST.txt 2014-05-28 08:29 - 2014-05-28 08:29 - 02066944 _____ (Farbar) C:\Users\kerstin\Downloads\FRST64.exe 2014-05-28 08:29 - 2014-05-28 08:29 - 00000000 ____D () C:\FRST 2014-05-28 08:28 - 2014-05-28 08:28 - 00000476 _____ () C:\Users\kerstin\Downloads\defogger_disable.log 2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 _____ () C:\Users\kerstin\defogger_reenable 2014-05-28 08:27 - 2014-05-28 08:27 - 00050477 _____ () C:\Users\kerstin\Downloads\Defogger.exe 2014-05-28 07:57 - 2014-05-28 08:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 07:57 - 2014-05-28 07:57 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 07:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-28 07:57 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-28 07:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 07:56 - 2014-05-28 07:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kerstin\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-28 07:31 - 2014-05-28 07:31 - 03673664 _____ (Piriform Ltd) C:\Users\kerstin\Downloads\ccsetup414_slim.exe 2014-05-28 07:31 - 2014-05-28 07:31 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-28 07:31 - 2014-05-28 07:31 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-27 18:10 - 2014-05-27 18:10 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00000000 ____D () C:\Users\kerstin\AppData\Local\Mozilla 2014-05-27 18:08 - 2014-05-27 18:08 - 00283144 _____ (Mozilla) C:\Users\kerstin\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-27 17:40 - 2014-05-27 17:40 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\Avira 2014-05-27 17:39 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-27 17:39 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-27 17:39 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-05-27 17:36 - 2014-05-27 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-27 17:36 - 2014-05-27 17:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-27 17:36 - 2014-05-27 17:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-05-27 17:35 - 2014-05-27 17:39 - 00000000 ____D () C:\ProgramData\Avira 2014-05-27 17:35 - 2014-05-27 17:35 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\kerstin\Downloads\avira_de_av_4000461663__ws.exe 2014-05-27 17:35 - 2014-05-27 17:35 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-27 17:32 - 2014-05-27 17:32 - 00003402 _____ () C:\Windows\System32\Tasks\{CC799F03-888A-48DF-B208-788F6A14DAE5} 2014-05-27 17:27 - 2014-05-27 17:27 - 00000000 ____D () C:\Program Files (x86)\DaoocSCoonvoErtteer 2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Program Files (x86)\KiangCiouupoN 2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ____D () C:\Program Files (x86)\CluiCkForSale 2014-05-26 16:47 - 2014-05-26 21:59 - 00001089 _____ () C:\Users\kerstin\Desktop\Continue VuuPC Installation.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-05-26 16:37 - 2014-05-28 07:35 - 00000000 ____D 
() C:\Users\kerstin\AppData\Roaming\Systweak 2014-05-26 16:37 - 2014-05-27 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-26 16:36 - 2014-05-28 08:19 - 00000000 ____D () C:\Program Files\003 2014-05-26 11:26 - 2014-05-26 11:26 - 00279584 _____ () C:\Windows\Minidump\052614-64640-01.dmp 2014-05-26 11:24 - 2014-05-26 11:24 - 00000000 __SHD () C:\found.002 2014-05-26 08:47 - 2014-05-27 17:54 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer 2014-05-26 08:46 - 2014-05-28 08:17 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\PerformerSoft 2014-05-26 08:46 - 2014-05-26 08:46 - 00001050 _____ () C:\Users\Public\Desktop\PC Performer.lnk 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\FreePDFReader 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer 2014-05-26 08:45 - 2014-05-26 08:46 - 00000000 ____D () C:\Program Files (x86)\FreePDFReader 2014-05-25 18:54 - 2014-05-22 18:19 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys 2014-05-24 14:16 - 2014-05-01 22:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-24 14:16 - 2014-05-01 22:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-23 23:59 - 2014-05-27 17:21 - 00000000 ____D () C:\ProgramData\CluiCkForSale 2014-05-20 08:37 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-05-20 08:37 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-05-20 08:37 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-05-19 14:26 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-19 14:26 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) 
C:\Windows\system32\kerberos.dll 2014-05-19 14:26 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-19 14:26 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-19 14:25 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-19 14:25 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-19 14:25 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-19 14:25 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-19 14:25 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-19 14:25 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-19 14:25 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-19 14:25 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-19 14:25 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2014-05-19 14:25 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-05-19 14:25 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-19 14:25 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-19 14:25 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll 2014-05-19 14:25 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-19 14:25 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll 
2014-05-19 14:25 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-19 14:25 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-19 14:25 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-19 14:25 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-19 14:25 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll 2014-05-19 14:25 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-19 14:25 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-19 14:25 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-19 14:25 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-19 14:25 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-19 14:25 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-19 14:25 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-19 14:25 - 
2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-19 14:25 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-19 14:25 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-19 14:25 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-19 14:25 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-05-19 14:25 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-05-19 14:25 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll 2014-05-19 14:25 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll 2014-05-19 14:25 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-05-19 14:25 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-05-19 14:25 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-05-19 14:25 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-05-19 14:25 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-05-19 14:25 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys 2014-05-06 12:07 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-05-06 12:07 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-05-06 12:07 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-06 12:07 - 2014-04-19 08:57 - 00566784 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-05-06 12:07 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-04 19:16 - 2014-05-27 14:34 - 00000463 _____ () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2014-05-03 03:02 - 2014-05-03 03:02 - 00041652 _____ () C:\Windows\system32\s000000.dat 2014-05-03 02:59 - 2014-05-03 02:59 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt 2014-05-03 02:59 - 2014-05-03 02:59 - 00000000 _____ () C:\Windows\system32\sstates.sdt ==================== One Month Modified Files and Folders ======= 2014-05-28 08:30 - 2014-05-28 08:29 - 00021163 _____ () C:\Users\kerstin\Downloads\FRST.txt 2014-05-28 08:29 - 2014-05-28 08:29 - 02066944 _____ (Farbar) C:\Users\kerstin\Downloads\FRST64.exe 2014-05-28 08:29 - 2014-05-28 08:29 - 00000000 ____D () C:\FRST 2014-05-28 08:28 - 2014-05-28 08:28 - 00000476 _____ () C:\Users\kerstin\Downloads\defogger_disable.log 2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 _____ () C:\Users\kerstin\defogger_reenable 2014-05-28 08:28 - 2013-07-07 08:58 - 00000000 ____D () C:\Users\kerstin 2014-05-28 08:27 - 2014-05-28 08:27 - 00050477 _____ () C:\Users\kerstin\Downloads\Defogger.exe 2014-05-28 08:27 - 2013-07-07 09:42 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2506654650-796066991-677667921-1001 2014-05-28 08:24 - 2013-01-09 02:00 - 01288823 _____ () C:\Windows\WindowsUpdate.log 2014-05-28 08:21 - 2014-05-28 07:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 08:21 - 2013-07-25 15:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-28 08:21 - 2013-01-09 02:30 - 00000000 ____D () C:\ProgramData\MOCP 2014-05-28 08:19 - 2014-05-26 16:36 - 00000000 ____D () C:\Program Files\003 2014-05-28 08:19 - 2014-04-18 16:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 
2014-05-28 08:19 - 2012-08-03 04:22 - 00149486 _____ () C:\Windows\PFRO.log 2014-05-28 08:19 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 08:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-05-28 08:17 - 2014-05-26 08:46 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\PerformerSoft 2014-05-28 08:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\tracing 2014-05-28 08:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-05-28 07:57 - 2014-05-28 07:57 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-28 07:57 - 2014-05-28 07:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 07:56 - 2014-05-28 07:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kerstin\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-28 07:54 - 2013-07-25 15:39 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-28 07:35 - 2014-05-26 16:37 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\Systweak 2014-05-28 07:31 - 2014-05-28 07:31 - 03673664 _____ (Piriform Ltd) C:\Users\kerstin\Downloads\ccsetup414_slim.exe 2014-05-28 07:31 - 2014-05-28 07:31 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-28 07:31 - 2014-05-28 07:31 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-28 07:31 - 2014-05-28 07:31 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-28 07:22 - 2013-07-07 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-28 07:17 - 2014-01-27 21:37 - 00000000 ____D () C:\ProgramData\weebsaver 2014-05-27 20:15 - 2012-07-26 
10:12 - 00000000 ____D () C:\Windows\rescache 2014-05-27 18:33 - 2014-02-15 22:48 - 00000000 ____D () C:\ProgramData\sAveoRon 2014-05-27 18:20 - 2014-01-27 21:37 - 00000000 ____D () C:\ProgramData\SaverProo 2014-05-27 18:10 - 2014-05-27 18:10 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-27 18:10 - 2014-05-27 18:10 - 00000000 ____D () C:\Users\kerstin\AppData\Local\Mozilla 2014-05-27 18:10 - 2014-05-26 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-27 18:10 - 2014-03-27 09:46 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C9F0AAB-17A9-4111-A221-1345BA5E1119} 2014-05-27 18:08 - 2014-05-27 18:08 - 00283144 _____ (Mozilla) C:\Users\kerstin\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-27 18:07 - 2012-07-26 07:26 - 00000226 _____ () C:\Windows\win.ini 2014-05-27 17:54 - 2014-05-26 08:47 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer 2014-05-27 17:50 - 2013-07-07 09:35 - 00000000 ___RD () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-27 17:44 - 2014-03-18 19:17 - 00000000 ____D () C:\ProgramData\KiangCiouupoN 2014-05-27 17:44 - 2014-02-03 20:34 - 00000000 ____D () C:\ProgramData\DaoocSCoonvoErtteer 2014-05-27 17:40 - 2014-05-27 17:40 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\Avira 2014-05-27 17:39 - 2014-05-27 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-27 17:39 - 2014-05-27 17:36 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-27 17:39 - 2014-05-27 17:35 - 00000000 ____D () C:\ProgramData\Avira 2014-05-27 17:36 - 2014-05-27 17:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-05-27 17:35 - 2014-05-27 17:35 - 04536336 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\kerstin\Downloads\avira_de_av_4000461663__ws.exe 2014-05-27 17:35 - 2014-05-27 17:35 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-27 17:32 - 2014-05-27 17:32 - 00003402 _____ () C:\Windows\System32\Tasks\{CC799F03-888A-48DF-B208-788F6A14DAE5} 2014-05-27 17:31 - 2013-07-30 11:03 - 00000000 ____D () C:\Users\kerstin\AppData\Local\CrashDumps 2014-05-27 17:30 - 2013-01-09 01:36 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-05-27 17:30 - 2013-01-09 01:36 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-05-27 17:30 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-27 17:27 - 2014-05-27 17:27 - 00000000 ____D () C:\Program Files (x86)\DaoocSCoonvoErtteer 2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Program Files (x86)\KiangCiouupoN 2014-05-27 17:26 - 2014-01-27 21:37 - 00000000 ____D () C:\ProgramData\a130b489b9c6817 2014-05-27 17:21 - 2014-05-23 23:59 - 00000000 ____D () C:\ProgramData\CluiCkForSale 2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ____D () C:\Program Files (x86)\CluiCkForSale 2014-05-27 14:34 - 2014-05-04 19:16 - 00000463 _____ () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2014-05-27 11:46 - 2013-06-06 19:02 - 00014336 ___SH () C:\Users\kerstin\Downloads\Thumbs.db 2014-05-26 21:59 - 2014-05-26 16:47 - 00001089 _____ () C:\Users\kerstin\Desktop\Continue VuuPC Installation.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-26 16:43 - 2014-05-26 16:43 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-05-26 16:43 - 
2013-01-09 02:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-26 16:43 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-05-26 16:42 - 2013-01-09 02:26 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-26 16:36 - 2013-07-07 12:53 - 00000000 ____D () C:\Users\kerstin\AppData\Local\Adobe 2014-05-26 11:26 - 2014-05-26 11:26 - 00279584 _____ () C:\Windows\Minidump\052614-64640-01.dmp 2014-05-26 11:26 - 2013-09-24 20:32 - 00000000 ____D () C:\Windows\Minidump 2014-05-26 11:26 - 2013-09-18 13:30 - 511906660 _____ () C:\Windows\MEMORY.DMP 2014-05-26 11:24 - 2014-05-26 11:24 - 00000000 __SHD () C:\found.002 2014-05-26 08:46 - 2014-05-26 08:46 - 00001050 _____ () C:\Users\Public\Desktop\PC Performer.lnk 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\Users\kerstin\AppData\Roaming\FreePDFReader 2014-05-26 08:46 - 2014-05-26 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer 2014-05-26 08:46 - 2014-05-26 08:45 - 00000000 ____D () C:\Program Files (x86)\FreePDFReader 2014-05-25 18:48 - 2013-07-02 16:35 - 00000000 ____D () C:\claudia 2014-05-25 18:28 - 2013-06-30 08:28 - 00000000 ____D () C:\urlaub 2014-05-25 18:23 - 2013-05-20 12:01 - 00000000 ____D () C:\skiurlaub1 2014-05-25 18:08 - 2013-05-15 16:55 - 00000000 ____D () C:\skiurlaub 2014-05-24 16:22 - 2013-01-09 02:03 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-05-24 14:17 - 2013-07-07 09:35 - 00000000 ___RD () C:\Users\kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System 
Tools 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-24 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-23 14:24 - 2013-08-18 20:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-23 14:23 - 2013-07-08 17:26 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-22 18:19 - 2014-05-25 18:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys 2014-05-21 02:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-05-12 07:26 - 2014-05-28 07:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-28 07:57 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-28 07:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-09 11:16 - 2014-05-27 17:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-09 11:16 - 2014-05-27 17:39 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-09 11:16 - 2014-05-27 17:39 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-05-06 07:14 - 2014-05-19 14:25 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:14 - 2014-05-19 14:25 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:48 - 2014-05-19 14:25 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:48 - 2014-05-19 14:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-06 05:37 - 2014-05-19 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:26 - 2014-05-19 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-03 03:02 - 2014-05-03 03:02 - 00041652 _____ () C:\Windows\system32\s000000.dat 2014-05-03 02:59 - 2014-05-03 02:59 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt 2014-05-03 02:59 - 2014-05-03 02:59 - 00000000 _____ () C:\Windows\system32\sstates.sdt 2014-05-01 22:37 - 2014-05-24 14:16 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-01 22:37 - 2014-05-24 14:16 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\kerstin\AppData\Local\Temp\avgnt.exe C:\Users\kerstin\AppData\Local\Temp\BackupSetup.exe C:\Users\kerstin\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe C:\Users\kerstin\AppData\Local\Temp\mfc80.dll C:\Users\kerstin\AppData\Local\Temp\mfc80u.dll C:\Users\kerstin\AppData\Local\Temp\mfcm80.dll C:\Users\kerstin\AppData\Local\Temp\mfcm80u.dll C:\Users\kerstin\AppData\Local\Temp\msvcm80.dll C:\Users\kerstin\AppData\Local\Temp\msvcp80.dll C:\Users\kerstin\AppData\Local\Temp\msvcr80.dll C:\Users\kerstin\AppData\Local\Temp\nshDA29.exe C:\Users\kerstin\AppData\Local\Temp\nsjDE22.exe C:\Users\kerstin\AppData\Local\Temp\nsoB95F.exe C:\Users\kerstin\AppData\Local\Temp\nsqB056.exe C:\Users\kerstin\AppData\Local\Temp\nsr9BA5.exe 
C:\Users\kerstin\AppData\Local\Temp\OSU.exe
C:\Users\kerstin\AppData\Local\Temp\SPSetup.exe
C:\Users\kerstin\AppData\Local\Temp\Uninstaller.exe
C:\Users\kerstin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\kerstin\AppData\Local\Temp\VersionUpdater.exe
C:\Users\kerstin\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\kerstin\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\kerstin\AppData\Local\Temp\WtgZip.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe [2014-05-19 14:25] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-28 03:00
==================== End Of Log ============================

Best regards, Joolez |
30.05.2014, 18:53 | #2 |
| Oh... sorry, forgot the GMER log:
19:49 30.05.2014 GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-28 08:37:52
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 WDC_WD5000BPVT-55HXZT4 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\kerstin\AppData\Local\Temp\pxloypog.sys

---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff803c586d3dc 1 byte [31]

---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\atiesrxx.exe[556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa77a4177a 4 bytes [A4, 77, FA, 07]
.text C:\Windows\system32\atiesrxx.exe[556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa77a41782 4 bytes [A4, 77, FA, 07]
.text C:\Windows\system32\atieclxx.exe[1172] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa77a4177a 4 bytes [A4, 77, FA, 07]
.text C:\Windows\system32\atieclxx.exe[1172] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa77a41782 4 bytes [A4, 77, FA, 07]
.text C:\Windows\system32\atieclxx.exe[1172] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007fa71e71b32 4 bytes [E7, 71, FA, 07]
.text C:\Windows\system32\atieclxx.exe[1172] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007fa71e71b3a 4 bytes [E7, 71, FA, 07]
.text C:\Windows\system32\mfevtps.exe[2052] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fa77a4177a 4 bytes [A4, 77, FA, 07]
.text C:\Windows\system32\mfevtps.exe[2052] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fa77a41782 4 bytes [A4, 77, FA, 07]
.text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa70621532 4 bytes [62, 70, FA, 07]
.text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa7062153a 4 bytes [62, 70, FA, 07]
.text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa7062165a 4 bytes [62, 70, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3272] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa70621532 4 bytes [62, 70, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3272] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa7062153a 4 bytes [62, 70, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3272] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa7062165a 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4116] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa70621532 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4116] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa7062153a 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4116] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa7062165a 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa70621532 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa7062153a 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa7062165a 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fa71e71b32 4 bytes [E7, 71, FA, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fa71e71b3a 4 bytes [E7, 71, FA, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa77a4177a 4 bytes [A4, 77, FA, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa77a41782 4 bytes [A4, 77, FA, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa77a4177a 4 bytes [A4, 77, FA, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa77a41782 4 bytes [A4, 77, FA, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1948] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa70621532 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1948] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa7062153a 4 bytes [62, 70, FA, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1948] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa7062165a 4 bytes [62, 70, FA, 07]
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[940] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa77a4177a 4 bytes [A4, 77, FA, 07]
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[940] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa77a41782 4 bytes [A4, 77, FA, 07]

---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [788:804] fffff960009675e8
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3444:5368] 000007fa74135990
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5884:5664] 000007fa755c4aa0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5884:5944] 000007fa76d35e10
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5884:4392] 000007fa774823a8

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ---- |
02.06.2014, 18:25 | #3 |
/// the machine /// TB-Ausbilder | Hi,
Addition.txt from FRST is still missing. |
02.06.2014, 20:56 | #4 |
| Here is the Addition file: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02 Ran by kerstin at 2014-05-28 08:30:32 Running from C:\Users\kerstin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Accelerated Video Transcoding (Version: 12.5.100.21010 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{AFF3A479-02DE-E284-9E4D-CC1F0B45174A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Avira (HKLM-x32\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.13.24161 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.1010.1519.25530 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1010.1519.25530 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1010.1519.25530 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1010.1519.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Korean (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1010.1518.25530 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1010.1519.25530 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 9.0.5728.52 - CyberLink Corp.) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Free Games 111 (HKLM-x32\...\Free Games 111) (Version: 3.0.0.0 - BestOffers) <==== ATTENTION FreePDFReader (HKLM-x32\...\FreePDFReader) (Version: - FreePDFConverter) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hidden Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41505) (Version: 3.8.0.41505.25 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle) Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Parental Controls (HKLM-x32\...\MOCP) (Version: 3.2.226.1 - McAfee, Inc.) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.) 
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) PC Performer (HKLM-x32\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.) Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden sAveoRon (HKLM-x32\...\{66951628-3E5A-9C96-37EA-490E187974D5}) (Version: - saveeroN) SaverProo (HKLM-x32\...\{94851E46-5E5B-DD67-2593-709E8D27DC4C}) (Version: - SaveerPro) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Speed Test 127 (HKLM-x32\...\Speed Test 127) (Version: 3.0.0.0 - Speed Analysis) <==== ATTENTION SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.0.11020 - Sony Corporation) VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation) VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden VAIO Gate 
(HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation) VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation) VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation) VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.0.2.10230 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation) VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation) VAIO-Hardwarediagnose-Plugin für VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden Virtual Villagers 5 - New Believers (x32 Version: 
3.0.2.32 - WildTangent) Hidden VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden weebsaver (HKLM-x32\...\{5CDF2354-26AF-2DBC-1012-44FEDFCC75BB}) (Version: - weebsavEEr) WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden ==================== Restore Points ========================= 01-05-2014 12:49:20 Windows Update 21-05-2014 12:19:15 Windows Update 26-05-2014 07:34:26 PC Performer Mo, Mai 26, 14 09:34 27-05-2014 09:28:01 Removed Adobe Reader XI MUI. 
==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16015976-86D2-4BE0-9CDF-4B4E73060663} - System32\Tasks\{96BE543D-907E-4A75-BCDE-3AE9CBDF935F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?source=lightinstaller&page=tsMain Task: {16CC01DA-B6BB-4D5E-A8DA-D99E4B3358CC} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {24032EBE-1B03-4B33-B5F3-C23F907A3642} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {30B3CCE3-B6C9-4066-968E-D4D982429EAA} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) 
Task: {43601916-F058-4137-8449-FA2327CA92FF} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {4FAA28B2-2E5F-4C12-B6E6-07430E7C9EF7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation) Task: {512E3387-FA78-44E0-829D-4DB1F2B3EA1C} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation) Task: {61B52D29-D5A3-4C82-B03B-DBE4DA10C2E3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {7DE97D28-C70E-438A-863C-90C7305694D9} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {811A97F2-2771-4BD5-B639-9A790747617C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {818B993D-B973-44AC-B615-E5926B9823E8} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-23] (Sony Corporation) Task: {82F8D411-A1F1-4D13-B7A6-FF45683419A6} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {8482C6E8-1F09-48FD-A04B-B99646A7A4A9} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2012-10-31] (Sony Corporation) Task: {92782AD6-BC55-4315-B5D0-AE060D63EE35} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION Task: {99328B99-9BE0-49EA-A261-5C9070D1A54C} - 
System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {A62802D4-CF42-4718-8865-6AFB3E723DEB} - System32\Tasks\{B1A5FA06-62C8-42A1-A77A-C4533285B1B4} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?source=lightinstaller&page=tsMain Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B8813E9F-7FA9-46B7-9F10-4096E376D141} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2012-10-31] (Sony Corporation) Task: {BF7C53DE-A4E4-4D4B-95E8-9688F28ADBD1} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D216A67A-0B58-4FED-A5A8-7338EBDE3348} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {DE0D2335-3851-4CFF-982F-DE31A588B964} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {E7476A34-6C44-4D6A-A3D9-2464D1BD692A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.) Task: {E763EEA9-EE14-4CC7-9867-703ED3503B9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.) 
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F4325633-2E84-4C0F-B54C-0B06AFA4C058} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {FD416EA4-5829-41CE-A02B-0769FE4EEB22} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-11-01] (Sony Corporation) Task: {FDCD846E-D8ED-4CE3-A36B-3D195B914878} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-18 16:44 - 2014-04-18 16:50 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe 2013-06-04 19:14 - 2013-06-04 19:15 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-11-05 20:28 - 2012-11-05 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-11-05 20:23 - 2012-11-05 20:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-11-05 20:26 - 2012-11-05 20:26 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-04-18 16:44 - 2014-04-18 16:50 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe 2012-11-05 20:28 - 2012-11-05 20:28 - 00012928 _____ () C:\Program Files (x86)\Bluetooth 
Suite\ActivateDesktop.exe 2014-05-20 19:33 - 2014-05-20 19:33 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2012-08-06 14:27 - 2012-08-06 14:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe 2012-10-10 16:17 - 2012-10-10 16:17 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-08-06 14:27 - 2012-08-06 14:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe 2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-05-27 17:40 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\kerstin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2013-01-09 01:56 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-05-27 18:10 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\kerstin\Re Zimmerreservierung.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" 
==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost (5268) {A09A7480-7857-402E-BC97-AB1E93C146DD}: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost (5268) {A09A7480-7857-402E-BC97-AB1E93C146DD}: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung. 
Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost (5268) {F35AED6E-4E2F-4A80-AB61-760E48CAC2CB}: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost (5268) {F35AED6E-4E2F-4A80-AB61-760E48CAC2CB}: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost (5268) {5C2052C9-BD63-4B8D-A9F7-35D8C417B952}: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost (5268) {5C2052C9-BD63-4B8D-A9F7-35D8C417B952}: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. 
Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost (5268) {6CE9F693-21FC-4CFD-8CCF-15AE0D7EA672}: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost (5268) {6CE9F693-21FC-4CFD-8CCF-15AE0D7EA672}: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost (5268) {C4741D01-BF0F-4A56-B42A-D08997062558}: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf. Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost (5268) {C4741D01-BF0F-4A56-B42A-D08997062558}: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" festgestellt wurden, die nicht mehr vorhanden ist. 
Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung. System errors: ============= Error: (05/28/2014 08:22:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Network Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/28/2014 08:22:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Network Agent erreicht. Error: (05/28/2014 08:22:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/28/2014 08:22:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Services erreicht. Error: (05/28/2014 08:20:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/28/2014 08:20:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Anti-Spam Service erreicht. 
Error: (05/28/2014 07:25:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Network Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/28/2014 07:25:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Network Agent erreicht. Error: (05/28/2014 07:25:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/28/2014 07:25:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Services erreicht. Microsoft Office Sessions: ========================= Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost5268{A09A7480-7857-402E-BC97-AB1E93C146DD}: -1216 Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost5268{A09A7480-7857-402E-BC97-AB1E93C146DD}: -1216C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost5268{F35AED6E-4E2F-4A80-AB61-760E48CAC2CB}: -1216 Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost5268{F35AED6E-4E2F-4A80-AB61-760E48CAC2CB}: -1216C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost5268{5C2052C9-BD63-4B8D-A9F7-35D8C417B952}: -1216 Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost5268{5C2052C9-BD63-4B8D-A9F7-35D8C417B952}: -1216C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb Error: (05/28/2014 
08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost5268{6CE9F693-21FC-4CFD-8CCF-15AE0D7EA672}: -1216 Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost5268{6CE9F693-21FC-4CFD-8CCF-15AE0D7EA672}: -1216C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 454) (User: ) Description: SettingSyncHost5268{C4741D01-BF0F-4A56-B42A-D08997062558}: -1216 Error: (05/28/2014 08:24:40 AM) (Source: ESENT) (EventID: 494) (User: ) Description: SettingSyncHost5268{C4741D01-BF0F-4A56-B42A-D08997062558}: -1216C:\Users\kerstin\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb |
03.06.2014, 19:22 | #5 |
/// the machine /// TB trainer | Various programs cannot be removed (PCPerformer, Speedtest and more) Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.06.2014, 21:08 | #6 |
| Various programs cannot be removed (PCPerformer, Speedtest and more) EDIT: Never mind, this is sorted... Hi... first of all, thanks for the help... I have downloaded the first program as well... I can see the uninstaller field, but nowhere "additional scanresult of farbar recovery tool". Where do I find that? I have already changed the view, but I can't find it there either... Best regards, JustJoolez Last edited by JustJoolez (03.06.2014 at 21:31) |
04.06.2014, 18:42 | #7 |
/// the machine /// TB trainer | Various programs cannot be removed (PCPerformer, Speedtest and more) Have a look in FRST's Addition.txt, the log that you posted.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.06.2014, 21:13 | #8 |
| Various programs cannot be removed (PCPerformer, Speedtest and more) Hello... I was on holiday, so I could only complete the steps now. So here are the 3 logs MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 03.06.2014 Suchlauf-Zeit: 22:19:02 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.03.06 Rootkit Datenbank: v2014.06.02.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: kerstin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 296631 Verstrichene Zeit: 17 Min, 16 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 12 PUP.Optional.Conduit.A, C:\Users\kerstin\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [42d0591b5625c86ef3835c27ea178a76], PUP.Optional.Conduit.A, C:\Users\kerstin\AppData\Local\Temp\nshDA29.exe, In Quarantäne, [4dc5551f1c5f72c41c5a285bee13be42], PUP.Optional.Conduit.A, C:\Users\kerstin\AppData\Local\Temp\nsjDE22.exe, In Quarantäne, [44ce571dff7c81b5df9789fa5fa2cc34], PUP.Optional.Conduit.A, C:\Users\kerstin\AppData\Local\Temp\nsoB95F.exe, In Quarantäne, [64ae62127cff280ef185255e9869639d], PUP.Optional.Conduit.A, C:\Users\kerstin\AppData\Local\Temp\nsqB056.exe, In Quarantäne, [080ad3a15526072f9ed8196a09f8fd03], PUP.Optional.Conduit.A, C:\Users\kerstin\AppData\Local\Temp\nsr9BA5.exe, In Quarantäne, [0012047096e540f6f97d4d367a8721df], PUP.Optional.BundleInstaller.A, C:\Users\kerstin\AppData\Local\Temp\n3304\s3304.exe, In Quarantäne, [b2601e56c7b496a0d39774d2e31d867a], PUP.Optional.Conduit.A, C:\Users\kerstin\AppData\Local\Temp\nsuFBAB\SpSetup.exe, In Quarantäne, 
[f9190e660576e15593e37e056d94619f], PUP.Optional.Conduit.A, C:\Windows\Temp\nss35F6.exe, In Quarantäne, [ed25373d0a7178be383e226153ae1ee2], PUP.Optional.Conduit.A, C:\Windows\Temp\nsz54F8.exe, In Quarantäne, [937fc8acd5a676c03b3b3b4805fce818], PUP.Optional.Conduit.A, C:\Windows\Temp\nshA5A9.exe, In Quarantäne, [35ddcfa5205bde586a0cc0c342bf44bc], PUP.Optional.Conduit.A, C:\Windows\Temp\nsdC160.exe, In Quarantäne, [16fcfd77c4b7f2440175ed96936e57a9], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 15/06/2014 um 21:59:50 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : kerstin - VAIO # Gestartet von : C:\Users\kerstin\Downloads\adwcleaner_3.212.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\CluiCkForSale Ordner Gelöscht : C:\ProgramData\KiangCiouupoN Ordner Gelöscht : C:\ProgramData\SaverProo Ordner Gelöscht : C:\ProgramData\weebsaver Ordner Gelöscht : C:\Program Files (x86)\CluiCkForSale Ordner Gelöscht : C:\Program Files (x86)\KiangCiouupoN Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\Users\kerstin\Qtrax Ordner Gelöscht : C:\Users\kerstin\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\kerstin\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\kerstin\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecfmlfgikjdagjikheaahnghjpajaljn Ordner Gelöscht : C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfhabhpnkdiiiogbocaoiimogaadgmn Ordner Gelöscht : C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\moieabkfabdhfjlnalkfhdfekmmldnij Datei Gelöscht : C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys Datei Gelöscht : C:\Users\kerstin\AppData\Local\Temp\uninstaller.exe Datei Gelöscht : C:\Users\kerstin\Desktop\Continue VuuPC Installation.lnk Datei Gelöscht : C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\sycvpt0y.default\user.js Datei Gelöscht : C:\Users\kerstin\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_de.iminent.com_0.localstorage Datei Gelöscht : C:\Users\kerstin\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_de.iminent.com_0.localstorage-journal Datei Gelöscht : 
C:\Windows\System32\Tasks\PC Performer ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CCLiacukForSalee.CCLiacukForSalee Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CCLiacukForSalee.CCLiacukForSalee.1.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\KKinegCoupeon.KKinegCoupeon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\KKinegCoupeon.KKinegCoupeon.1.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02AB1283-7D13-034D-0B9D-0A6E1FB30A23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{650E7FED-4BB2-F649-D3EE-B6565275F1BA} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3061B3C3-8B7F-4DBD-82DF-0B6CE9AA60E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02AB1283-7D13-034D-0B9D-0A6E1FB30A23} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{650E7FED-4BB2-F649-D3EE-B6565275F1BA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02AB1283-7D13-034D-0B9D-0A6E1FB30A23} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{650E7FED-4BB2-F649-D3EE-B6565275F1BA} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02AB1283-7D13-034D-0B9D-0A6E1FB30A23} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{650E7FED-4BB2-F649-D3EE-B6565275F1BA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{02AB1283-7D13-034D-0B9D-0A6E1FB30A23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{650E7FED-4BB2-F649-D3EE-B6565275F1BA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3061B3C3-8B7F-4DBD-82DF-0B6CE9AA60E8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\PerformerSoft Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\Software\PerformerSoft Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\DatamngrCoordinator.exe ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\sycvpt0y.default\prefs.js ] -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\kerstin\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10828 octets] - [15/06/2014 21:58:45] AdwCleaner[S0].txt - [10328 octets] - [15/06/2014 21:59:50] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10389 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by kerstin on 15.06.2014 at 22:05:13,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\speedtest4354@bestoffers
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.06.2014 at 22:10:02,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kind regards, Joolez |
16.06.2014, 21:21 | #9 |
/// the machine /// TB instructor | Various programs cannot be deleted (PCPerformer, Speedtest and more)
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
25.06.2014, 16:52 | #10 |
| Various programs cannot be deleted (PCPerformer, Speedtest and more) Hello... So first of all the ESET log, it seems to have found a few things... Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=3e42f0e965b03a4aa9f24cd177cd515f # engine=18789 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-19 08:59:06 # local_time=2014-06-19 10:59:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 3623 3584544 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2006328 7602435 0 0 # scanned=113951 # found=0 # cleaned=0 # scan_time=3184 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=3e42f0e965b03a4aa9f24cd177cd515f # engine=18864 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-24 09:16:16 # local_time=2014-06-24 11:16:16 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 436653 4017574 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2439358 8035465 0 0 # scanned=264114 # found=20 # cleaned=0 # scan_time=7465 sh=3B29C36CCB0FD00A0812896E61D3AE6CE18E5EEE ft=1 fh=5ce1e22016c2ce7d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQKRQ7OJ\spstub[1].exe" sh=0CE29E4B3CE1004C7967DAF574BA8D2920782299 ft=1 fh=af37a12746f98a73 vn="Win32/Toolbar.Montiera.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ9JF66S\IMinentToolbar[1].exe" sh=19345C99B036B9D16BC6C8E9273E6A9D8A991CED ft=1 fh=b1884d9b4cdc3f3a vn="Win32/InstallCore.OH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\ICReinstall_nsg50E5.tmp" sh=7F2FBB64964CCE38EBE53466F34879D6D2C7B155 ft=1 fh=fa7a9dbc4cdc3f3a vn="Win32/InstallCore.OH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\ICReinstall_nsw801B.tmp" sh=CCD90EE6E9B1ADFF9657E8F2C126BC6CB5C2EB24 ft=1 fh=91473923cd86549e vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\is-23477.tmp\OptProCrash.dll" sh=605151B2EABB71AD5FA81E7513A43A0201AE8CAF ft=1 fh=48be24d62ce083a1 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\is45637729\110454_stp\AnyProtectScannerSetup.exe" sh=605151B2EABB71AD5FA81E7513A43A0201AE8CAF ft=1 fh=48be24d62ce083a1 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\is45637729\1928221_stp\AnyProtectScannerSetup.exe" sh=6188F31D1B1EFA1A21997F3854785714A3C37854 ft=1 fh=2c091a6f68923958 vn="Win32/VOPackage.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\n3304\VOPackage.exe" sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\{8A4E0350-43E9-4570-9413-E5ECC9C0AAEB}\setup.exe" sh=1B2983DD978DB886263B1740E4C7E0CA1CEF88C4 ft=1 fh=29f8994b325a4b60 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Setup.exe" sh=D7C486D5ECD6233D2D2F3610C6EF4847A478BFC2 ft=1 fh=38ca62b6cbb313d4 vn="Win32/Toolbar.Babylon.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\ccp.exe" sh=1466BC1893B6D4B277A177CD2C7D1BEF65F6AAEB ft=1 fh=407239d3cdeb51cc vn="Win32/Toolbar.Babylon.U evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\CrxInstaller.dll" sh=EE7646E9A9ECD2FA138A5EE732368D3785E060B2 ft=1 fh=a9e6d2fee3def72a vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\IEHelper.dll" sh=B7BCAF66B2BB0CA2EE89D16A94A4D4C4BB1CE025 ft=1 fh=9dabbe262182f2d2 vn="Variante von Win32/Toolbar.Babylon.V evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\MntrDLLInstall.dll" sh=BCD82DF66056063F8B2BEBC62A31ADACDAD38796 ft=1 fh=615817bbaca864be vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\MyDeltaTB.exe" sh=3097FBB717307A1E94B7B5A245A5BA611150A5B6 ft=1 fh=ca740bd1568f76eb vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\Setup.exe" sh=AE0BF6A9D8E66B04214FEBB5BF4B086E8AA34498 ft=1 fh=502ed3b2eef6754b vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\~nsu.tmp\Au_.exe" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Roaming\BabSolution\Shared\BabMaint.exe" sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Roaming\BabSolution\Shared\BUSolution.dll" sh=3974AF6435D0019AA8C84BE925611F9287976CC4 ft=1 fh=8821c6c28bcd590e vn="MSIL/WebCake.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Roaming\WebCake\WebCakeDesktop.exe" # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=3e42f0e965b03a4aa9f24cd177cd515f # engine=18873 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-25 02:56:53 # local_time=2014-06-25 04:56:53 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 500290 4081211 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2502995 8099102 0 0 # scanned=264069 # found=20 # cleaned=0 # scan_time=14713 sh=3B29C36CCB0FD00A0812896E61D3AE6CE18E5EEE ft=1 fh=5ce1e22016c2ce7d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQKRQ7OJ\spstub[1].exe" sh=0CE29E4B3CE1004C7967DAF574BA8D2920782299 ft=1 fh=af37a12746f98a73 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ9JF66S\IMinentToolbar[1].exe" sh=19345C99B036B9D16BC6C8E9273E6A9D8A991CED ft=1 fh=b1884d9b4cdc3f3a vn="Win32/InstallCore.OH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\ICReinstall_nsg50E5.tmp" sh=7F2FBB64964CCE38EBE53466F34879D6D2C7B155 ft=1 fh=fa7a9dbc4cdc3f3a vn="Win32/InstallCore.OH evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\ICReinstall_nsw801B.tmp" sh=CCD90EE6E9B1ADFF9657E8F2C126BC6CB5C2EB24 ft=1 fh=91473923cd86549e vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\is-23477.tmp\OptProCrash.dll" sh=605151B2EABB71AD5FA81E7513A43A0201AE8CAF ft=1 fh=48be24d62ce083a1 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\is45637729\110454_stp\AnyProtectScannerSetup.exe" sh=605151B2EABB71AD5FA81E7513A43A0201AE8CAF ft=1 fh=48be24d62ce083a1 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\is45637729\1928221_stp\AnyProtectScannerSetup.exe" sh=6188F31D1B1EFA1A21997F3854785714A3C37854 ft=1 fh=2c091a6f68923958 vn="Win32/VOPackage.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\n3304\VOPackage.exe" sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\kerstin\AppData\Local\Temp\{8A4E0350-43E9-4570-9413-E5ECC9C0AAEB}\setup.exe" sh=1B2983DD978DB886263B1740E4C7E0CA1CEF88C4 ft=1 fh=29f8994b325a4b60 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Setup.exe" sh=D7C486D5ECD6233D2D2F3610C6EF4847A478BFC2 ft=1 fh=38ca62b6cbb313d4 vn="Win32/Toolbar.Babylon.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\ccp.exe" sh=1466BC1893B6D4B277A177CD2C7D1BEF65F6AAEB ft=1 fh=407239d3cdeb51cc vn="Win32/Toolbar.Babylon.U evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\CrxInstaller.dll" sh=EE7646E9A9ECD2FA138A5EE732368D3785E060B2 ft=1 fh=a9e6d2fee3def72a vn="Variante von Win32/Toolbar.Babylon.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\IEHelper.dll" sh=B7BCAF66B2BB0CA2EE89D16A94A4D4C4BB1CE025 ft=1 fh=9dabbe262182f2d2 vn="Variante von Win32/Toolbar.Babylon.V evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\MntrDLLInstall.dll" sh=BCD82DF66056063F8B2BEBC62A31ADACDAD38796 ft=1 fh=615817bbaca864be vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\MyDeltaTB.exe" sh=3097FBB717307A1E94B7B5A245A5BA611150A5B6 ft=1 fh=ca740bd1568f76eb vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\4CBD7A27-BAB0-7891-BAF6-7E923A785611\Latest\Setup.exe" sh=AE0BF6A9D8E66B04214FEBB5BF4B086E8AA34498 ft=1 fh=502ed3b2eef6754b vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Local\Temp\~nsu.tmp\Au_.exe" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Roaming\BabSolution\Shared\BabMaint.exe" sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Roaming\BabSolution\Shared\BUSolution.dll" sh=3974AF6435D0019AA8C84BE925611F9287976CC4 ft=1 fh=8821c6c28bcd590e vn="MSIL/WebCake.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\kerstin\AppData\Roaming\WebCake\WebCakeDesktop.exe" Code:
ATTFilter
Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
McAfee Anti-Virus und Anti-Spyware
Windows Defender
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 14.0.0.125
Adobe Reader XI
Mozilla Firefox (30.0)
Mozilla Thunderbird (24.4.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014 Ran by kerstin (administrator) on VAIO on 25-06-2014 17:36:44 Running from C:\Users\kerstin\Downloads Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (AMD) C:\Windows\System32\atieclxx.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-10-10] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {7b6b7b5f-94bd-11e2-be73-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {7b6b7cc4-94bd-11e2-be73-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e72f-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e7d9-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {b4a3e862-c4b8-11e3-be95-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {dabeb57d-c706-11e3-be96-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 HKU\S-1-5-21-2506654650-796066991-677667921-1001\...\MountPoints2: {dabeb5aa-c706-11e3-be96-a41731dab326} - "E:\.\Setup.exe" AUTORUN=1 Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) BootExecute: autocheck autochk * GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {356F967B-C0DB-413A-9722-2161E8C8B573} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} SearchScopes: HKCU - {EF4931A1-F27D-4C98-80B4-EA0E228736DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\sycvpt0y.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files 
--- --- --- Thanks again for the great help!!!!! Best regards, Joolez |
26.06.2014, 15:04 | #11 |
/// the machine /// TB Trainer | Various programs cannot be deleted (PCPerformer, Speedtest and more) Update Java. Delete the Windows.old folder. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.06.2014, 17:49 | #12 |
| Various programs cannot be deleted (PCPerformer, Speedtest and more) Thanks for the great help!!!! The thread can be closed :-) |
27.06.2014, 11:24 | #13 |
/// the machine /// TB Trainer | Various programs cannot be deleted (PCPerformer, Speedtest and more) You're welcome