
Log Analysis and Evaluation: DropperGen/Malware/Spyware - the full package

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.04.2015, 11:23   #1
Phiyahless
 
DropperGen/Malware/Spyware - the full package



Hi there,

my name is Yasmin and I have an infested laptop here.

When I was at my friend's place yesterday, she switched it on and wanted to show me how slowly, sluggishly and badly it runs... Chrome crashes. Just bad.

First shock: no antivirus program, or rather the license had expired. Then she told me that, first, it has been like this for a long time (2, 3, 4? weeks), and that she had also been on streaming sites a day or two before that.

Chrome was downloaded during that time, and after a first look through since yesterday, that is also one source of the trouble. That download installed a whole lot of adware and junk along with it (Browser Good, iStartSurf, Zombi Invasion).

Really, this behavior would almost be a reason not to help her, but honestly I feel sorry for the laptop.

What I have done so far:

- Uninstalled software (Chrome + some junk)
- Avast virus scan: 4 infected objects (among others DropperGen, adware, malware); unfortunately I can't find a log file for it
- Followed your instructions
- GMER did not work (error: program is being run by something else, or something like that)
and right now Malwarebytes is running for some additional info. 411 objects found... I think I'm going to have a heart attack

Would any of you take pity and help me get this total wreck working again?

Name etc. may stay visible

1) Defogger = done
2) FRST log files... there are several.

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Lena (administrator) on LENA on 05-04-2015 10:13:32
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena (Available profiles: Lena)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [gmsd_de_370] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}\hqghumeaylnlf.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKLM -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8m
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Google Docs) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (YouTube) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-05]
CHR Extension: (Google Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Browser Good) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdlnhhdbgjcpikdcdnllgdmlonnggaab [2015-04-04]
CHR Extension: (Avast Online Security) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-16] (XTab system)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-04-03] (SysTool PasSame LIMITED)
S2 AtherosSvc; "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 10:13 - 2015-04-05 10:14 - 00017596 _____ () C:\Users\Lena\Desktop\FRST.txt
2015-04-05 10:13 - 2015-04-05 10:13 - 00000000 ____D () C:\FRST
2015-04-05 10:11 - 2015-04-05 10:11 - 02095616 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2015-04-05 10:09 - 2015-04-05 10:09 - 00000470 _____ () C:\Users\Lena\Downloads\defogger_disable.log
2015-04-05 10:09 - 2015-04-05 10:09 - 00000000 _____ () C:\Users\Lena\defogger_reenable
2015-04-05 10:07 - 2015-04-05 10:07 - 00050477 _____ () C:\Users\Lena\Downloads\Defogger.exe
2015-04-05 09:58 - 2015-04-05 09:58 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-05 09:58 - 2015-04-05 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-04 20:28 - 2015-04-04 20:28 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-04 17:53 - 2015-04-04 17:53 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\AVAST Software
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-04 17:52 - 2015-04-04 17:52 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 17:52 - 2015-04-04 17:52 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 17:52 - 2015-04-04 17:52 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 17:52 - 2015-04-04 17:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 17:51 - 2015-04-04 17:51 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 17:50 - 2015-04-04 17:50 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\rddcvtpk.sys
2015-04-04 17:50 - 2015-04-04 17:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 17:41 - 2015-04-04 17:42 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-04-04 17:41 - 2015-04-04 17:41 - 00000000 ____D () C:\Windows\Options
2015-04-04 17:41 - 2013-10-17 02:46 - 03858944 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2015-04-04 17:25 - 2015-04-04 17:25 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:21 - 2015-04-04 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-04 17:16 - 2015-04-04 17:18 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2015-04-04 17:16 - 2015-04-04 17:16 - 00000000 ____D () C:\Users\Lena\AppData\Local\DriverToolkit
2015-04-04 17:06 - 2015-04-04 20:34 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 17:06 - 2015-04-04 17:06 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:51 - 2015-04-04 17:07 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-04 16:12 - 2015-04-04 16:12 - 00000000 ____D () C:\ProgramData\8bdda2ae000015df
2015-04-04 16:07 - 2015-04-04 16:07 - 00003136 _____ () C:\Windows\System32\Tasks\{64880DBA-0167-4B94-A9F5-94125B8E03E8}
2015-04-04 15:52 - 2015-04-04 19:30 - 00000000 ____D () C:\Program Files (x86)\Browser Good
2015-04-04 15:48 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-04 15:41 - 2015-04-04 16:04 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-03 20:10 - 2015-04-03 20:10 - 00000452 _____ () C:\Windows\Tasks\SpeedChecker Update.job
2015-04-03 20:10 - 2015-04-03 20:10 - 00000000 ____D () C:\Users\Lena\Documents\Optimizer Pro
2015-04-03 20:08 - 2015-04-04 15:42 - 00000000 ____D () C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}
2015-04-03 20:03 - 2015-04-04 16:41 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-03 20:02 - 2015-04-03 20:02 - 00000000 ____D () C:\Users\Lena\AppData\Local\Crossbrowse
2015-04-03 20:01 - 2015-04-03 20:01 - 00003152 _____ () C:\Windows\System32\Tasks\Run_Browser
2015-04-03 20:00 - 2015-04-05 09:53 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-03 20:00 - 2015-04-04 19:32 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-03 20:00 - 2015-04-03 20:10 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-03 20:00 - 2015-04-03 20:05 - 00003894 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-04-03 20:00 - 2015-04-03 20:05 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\Users\Lena\AppData\Local\globalUpdate
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-04-03 19:59 - 2015-04-03 20:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-03 19:59 - 2015-04-03 20:04 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-03 19:59 - 2015-04-03 20:04 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 19:59 - 2015-04-03 20:04 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 19:59 - 2015-04-03 19:59 - 00003546 _____ () C:\Windows\System32\Tasks\VZZXGN
2015-04-03 19:58 - 2015-04-04 16:07 - 00000000 ____D () C:\ProgramData\LolliScan
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Users\Lena\AppData\Local\Google
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 19:58 - 2015-04-03 19:58 - 00000000 ____D () C:\ProgramData\7b2a98c5c3a9485689cfb0f9c7e387ba
2015-04-03 19:58 - 2015-04-03 19:58 - 00000000 ____D () C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47
2015-04-03 19:43 - 2015-04-03 19:43 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2015-03-26 21:14 - 2015-04-04 19:43 - 00000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT
2015-03-13 18:32 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-13 18:32 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-13 18:32 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-13 18:32 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-13 18:32 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-13 18:31 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 18:31 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 18:31 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 18:31 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 18:31 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 18:31 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-13 18:31 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-13 18:31 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-13 18:31 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-13 18:31 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-13 18:31 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-13 18:31 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-13 18:31 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-13 18:31 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-13 18:31 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-13 18:31 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-13 18:31 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-13 18:31 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-13 18:31 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-13 18:31 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-13 18:31 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-13 18:31 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 18:31 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-13 18:31 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-13 18:31 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 18:31 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-13 18:31 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-13 18:31 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-13 18:31 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-13 18:31 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-13 18:30 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 18:30 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-13 18:30 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 18:30 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 18:30 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 18:30 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 18:30 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 18:30 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 18:30 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 18:30 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-13 18:30 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 18:30 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 18:30 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 18:30 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 18:30 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-13 18:30 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 18:30 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 18:30 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 18:30 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 18:30 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 18:30 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-13 18:30 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 18:30 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 18:30 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 18:30 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-13 18:30 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-13 18:30 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-13 18:30 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-13 18:30 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 18:30 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-13 18:30 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 18:30 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 18:30 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-13 18:30 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-13 18:30 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-13 18:30 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-13 18:30 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-13 18:30 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-13 18:30 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-13 18:29 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-13 18:29 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-13 18:29 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-13 18:29 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-13 18:29 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 18:29 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-09 21:00 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-06 16:08 - 2015-03-06 16:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 10:12 - 2014-12-04 20:31 - 01124839 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 10:09 - 2014-12-04 20:41 - 00000000 ____D () C:\Users\Lena
2015-04-05 10:03 - 2014-12-04 20:47 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3163897636-2943637359-1939516349-1002
2015-04-05 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-05 09:56 - 2014-12-04 20:46 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA146DF6-84F2-44EC-AE01-834C2EFCE954}
2015-04-05 09:53 - 2014-12-04 20:45 - 00000000 __RDO () C:\Users\Lena\OneDrive
2015-04-04 20:32 - 2014-05-07 04:46 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 20:32 - 2014-05-07 04:46 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 20:32 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 20:29 - 2014-09-10 02:45 - 00667834 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-04-04 20:28 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 20:27 - 2013-08-22 16:46 - 00029592 _____ () C:\Windows\setupact.log
2015-04-04 19:14 - 2014-09-10 02:36 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-04 19:14 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-04 18:44 - 2013-08-22 15:25 - 00000226 _____ () C:\Windows\win.ini
2015-04-04 17:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-04 17:41 - 2014-05-06 19:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-04 17:40 - 2014-04-01 03:07 - 00000000 ____D () C:\SWSetup
2015-04-04 17:26 - 2014-09-10 02:38 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-04 17:25 - 2014-03-18 11:44 - 00015490 _____ () C:\Windows\PFRO.log
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-04 17:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-04 16:41 - 2013-10-02 23:14 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-04 16:38 - 2013-08-22 16:44 - 00338016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 16:28 - 2014-05-06 19:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-04 16:28 - 2014-05-06 19:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-04-04 16:27 - 2014-05-06 20:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-04-04 16:26 - 2014-12-06 09:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\hpqlog
2015-04-04 16:23 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-04 16:19 - 2014-09-10 02:35 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-04-04 16:18 - 2014-12-04 20:41 - 00001461 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 16:02 - 2014-09-10 02:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-04-04 16:01 - 2014-09-10 02:50 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-04 16:00 - 2014-05-06 19:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-04-04 15:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\Lena\Documents\Youcam
2015-03-20 18:16 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-13 18:45 - 2014-12-27 17:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 18:43 - 2014-12-27 17:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-26 21:14 - 2015-04-04 19:43 - 0000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\81A289CB-919E-62E2-27CC-59E542698677.dll
C:\Users\Lena\AppData\Local\Temp\optprosetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 16:50

==================== End Of Log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lena at 2015-04-05 10:14:55
Running from C:\Users\Lena\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-03-2015 18:33:15 Windows Update
04-04-2015 15:50:25 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08E6DAD9-A9E4-4038-B4FC-BD53D8CB5719} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0E72D7A4-B9F8-45FD-98E0-A1F36A1A7A08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {0FDAE9A2-92E2-4570-A1BB-18EFDFAD84EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {1DEC50FB-2955-42BC-9D6A-0E3BF5C4C9AA} - System32\Tasks\Run_Browser => C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
Task: {2EE637B7-D7B4-45EB-8B6E-3B7374FC167D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {46C58825-2772-4A0E-8884-7F3D09A62E14} - System32\Tasks\VZZXGN => C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47\4d0801eee76440b5aa8e9e9bd8f25f47.exe [2015-04-02] ()
Task: {54C95428-DC2A-4849-BFD0-8207330992A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {6A02997A-7A0E-4CFF-9441-30302A1BD392} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {6F52EA07-5F07-447D-B4FF-8E993B32ECDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {90F7F862-9086-4FB5-BB72-257F3FC33904} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3C0A0C6-790F-467A-8620-52CCA4E6867F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AF19EF05-DFB3-4015-ABD2-CAEA45303F4F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D81196DE-41D0-4C4D-889B-5510AA787960} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {EE3680BB-A3D8-4FDA-93D0-E97956E362C4} - System32\Tasks\{64880DBA-0167-4B94-A9F5-94125B8E03E8} => pcalua.exe -a C:\Users\Lena\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
Task: {F086472C-AF6C-4833-B376-429F23FBB337} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLena.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SpeedChecker Update.job => C:\Program Files (x86)\version91SpeedChecker\x2SpeedCheckerU19.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-04-17 15:38 - 2014-04-17 15:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 15:37 - 2014-04-17 15:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-04-05 09:58 - 2015-03-30 22:38 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-05 09:58 - 2015-03-30 22:38 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-05 09:58 - 2015-03-30 22:39 - 11266376 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-05 09:58 - 2015-03-30 22:39 - 26792264 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-04 17:54 - 2015-04-04 17:54 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040400\algo.dll
2015-04-04 20:28 - 2015-04-04 20:28 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040401\algo.dll
2015-04-05 10:01 - 2015-04-05 10:01 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040500\algo.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lena\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lena\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Fotogalerie-Hintergrundbild.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"

==================== Accounts: =============================

Administrator (S-1-5-21-3163897636-2943637359-1939516349-500 - Administrator - Disabled)
Gast (S-1-5-21-3163897636-2943637359-1939516349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3163897636-2943637359-1939516349-1004 - Limited - Enabled)
Lena (S-1-5-21-3163897636-2943637359-1939516349-1002 - Administrator - Enabled) => C:\Users\Lena

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 06:50:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 638

Startzeit: 01d06eeb9c1aba09

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 9e3f20f2-daea-11e4-826d-3464a97da0d4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/04/2015 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: unicobrowser.exe, Version: 39.0.2132.8, Zeitstempel: 0x55097d22
Name des fehlerhaften Moduls: chrome.dll, Version: 39.0.2132.8, Zeitstempel: 0x550978fb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000733e9
ID des fehlerhaften Prozesses: 0x1158
Startzeit der fehlerhaften Anwendung: 0xunicobrowser.exe0
Pfad der fehlerhaften Anwendung: unicobrowser.exe1
Pfad des fehlerhaften Moduls: unicobrowser.exe2
Berichtskennung: unicobrowser.exe3
Vollständiger Name des fehlerhaften Pakets: unicobrowser.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: unicobrowser.exe5

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2015 08:05:06 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (04/03/2015 08:00:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (03/21/2015 02:36:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4b4

Startzeit: 01d063c493b1e429

Endzeit: 15

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: d4865b98-cfc6-11e4-826b-3010b35a4920

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/21/2015 00:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opbhobroker.exe, Version: 8.0.1.11, Zeitstempel: 0x5335c281
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x1408
Startzeit der fehlerhaften Anwendung: 0xopbhobroker.exe0
Pfad der fehlerhaften Anwendung: opbhobroker.exe1
Pfad des fehlerhaften Moduls: opbhobroker.exe2
Berichtskennung: opbhobroker.exe3
Vollständiger Name des fehlerhaften Pakets: opbhobroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: opbhobroker.exe5

Error: (03/21/2015 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 19e0

Startzeit: 01d063bc53091d17

Endzeit: 15

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: eb7dacf2-cfb6-11e4-826b-3010b35a4920

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (04/04/2015 08:30:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/04/2015 08:26:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/04/2015 06:27:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (04/04/2015 05:48:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/04/2015 05:48:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/04/2015 05:27:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/04/2015 05:24:37 PM) (Source: DCOM) (EventID: 10010) (User: LENA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/04/2015 05:07:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Microsoft.BingFoodAndDrink

Error: (04/04/2015 04:52:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240055 fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3035583)

Error: (04/04/2015 04:41:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (04/04/2015 06:50:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1766763801d06eeb9c1aba090C:\Windows\Explorer.EXE9e3f20f2-daea-11e4-826d-3464a97da0d4

Error: (04/04/2015 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: unicobrowser.exe39.0.2132.855097d22chrome.dll39.0.2132.8550978fbc0000005000733e9115801d06edd22e163bbC:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exeC:\Users\Lena\AppData\Local\UnicoBrowser\Application\39.0.2132.8\chrome.dllc5e1ae04-dad0-11e4-826b-3010b35a4920

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2015 08:05:06 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/03/2015 08:00:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/21/2015 02:36:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.174164b401d063c493b1e42915C:\Program Files\Internet Explorer\iexplore.exed4865b98-cfc6-11e4-826b-3010b35a4920

Error: (03/21/2015 00:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opbhobroker.exe8.0.1.115335c281unknown0.0.0.000000000c00000050000000000000000140801d063bc571177bcC:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exeunknownf5c6405f-cfb7-11e4-826b-3010b35a4920

Error: (03/21/2015 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1741619e001d063bc53091d1715C:\Program Files\Internet Explorer\iexplore.exeeb7dacf2-cfb6-11e4-826b-3010b35a4920


==================== Memory info =========================== 

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 49%
Total physical RAM: 3528.98 MB
Available physical RAM: 1796.65 MB
Total Pagefile: 4168.98 MB
Available Pagefile: 2008.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.81 GB) (Free:878.68 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.68 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EAD2A2F5)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

05.04.2015, 11:27   #2
Phiyahless

DropperGen/Malware/Spyware - the full works

Addition 1 and 2 from FRST and Malwarebytes

Ad1
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lena at 2015-04-05 10:14:55
Running from C:\Users\Lena\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-03-2015 18:33:15 Windows Update
04-04-2015 15:50:25 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08E6DAD9-A9E4-4038-B4FC-BD53D8CB5719} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0E72D7A4-B9F8-45FD-98E0-A1F36A1A7A08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {0FDAE9A2-92E2-4570-A1BB-18EFDFAD84EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {1DEC50FB-2955-42BC-9D6A-0E3BF5C4C9AA} - System32\Tasks\Run_Browser => C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
Task: {2EE637B7-D7B4-45EB-8B6E-3B7374FC167D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {46C58825-2772-4A0E-8884-7F3D09A62E14} - System32\Tasks\VZZXGN => C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47\4d0801eee76440b5aa8e9e9bd8f25f47.exe [2015-04-02] ()
Task: {54C95428-DC2A-4849-BFD0-8207330992A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {6A02997A-7A0E-4CFF-9441-30302A1BD392} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {6F52EA07-5F07-447D-B4FF-8E993B32ECDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {90F7F862-9086-4FB5-BB72-257F3FC33904} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3C0A0C6-790F-467A-8620-52CCA4E6867F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AF19EF05-DFB3-4015-ABD2-CAEA45303F4F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D81196DE-41D0-4C4D-889B-5510AA787960} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {EE3680BB-A3D8-4FDA-93D0-E97956E362C4} - System32\Tasks\{64880DBA-0167-4B94-A9F5-94125B8E03E8} => pcalua.exe -a C:\Users\Lena\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
Task: {F086472C-AF6C-4833-B376-429F23FBB337} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLena.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SpeedChecker Update.job => C:\Program Files (x86)\version91SpeedChecker\x2SpeedCheckerU19.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-04-17 15:38 - 2014-04-17 15:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 15:37 - 2014-04-17 15:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-04-05 09:58 - 2015-03-30 22:38 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-05 09:58 - 2015-03-30 22:38 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-05 09:58 - 2015-03-30 22:39 - 11266376 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-05 09:58 - 2015-03-30 22:39 - 26792264 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-04 17:54 - 2015-04-04 17:54 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040400\algo.dll
2015-04-04 20:28 - 2015-04-04 20:28 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040401\algo.dll
2015-04-05 10:01 - 2015-04-05 10:01 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040500\algo.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lena\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lena\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Fotogalerie-Hintergrundbild.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"

==================== Accounts: =============================

Administrator (S-1-5-21-3163897636-2943637359-1939516349-500 - Administrator - Disabled)
Gast (S-1-5-21-3163897636-2943637359-1939516349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3163897636-2943637359-1939516349-1004 - Limited - Enabled)
Lena (S-1-5-21-3163897636-2943637359-1939516349-1002 - Administrator - Enabled) => C:\Users\Lena

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 06:50:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 638

Startzeit: 01d06eeb9c1aba09

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 9e3f20f2-daea-11e4-826d-3464a97da0d4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/04/2015 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: unicobrowser.exe, Version: 39.0.2132.8, Zeitstempel: 0x55097d22
Name des fehlerhaften Moduls: chrome.dll, Version: 39.0.2132.8, Zeitstempel: 0x550978fb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000733e9
ID des fehlerhaften Prozesses: 0x1158
Startzeit der fehlerhaften Anwendung: 0xunicobrowser.exe0
Pfad der fehlerhaften Anwendung: unicobrowser.exe1
Pfad des fehlerhaften Moduls: unicobrowser.exe2
Berichtskennung: unicobrowser.exe3
Vollständiger Name des fehlerhaften Pakets: unicobrowser.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: unicobrowser.exe5

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2015 08:05:06 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (04/03/2015 08:00:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (03/21/2015 02:36:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4b4

Startzeit: 01d063c493b1e429

Endzeit: 15

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: d4865b98-cfc6-11e4-826b-3010b35a4920

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/21/2015 00:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opbhobroker.exe, Version: 8.0.1.11, Zeitstempel: 0x5335c281
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x1408
Startzeit der fehlerhaften Anwendung: 0xopbhobroker.exe0
Pfad der fehlerhaften Anwendung: opbhobroker.exe1
Pfad des fehlerhaften Moduls: opbhobroker.exe2
Berichtskennung: opbhobroker.exe3
Vollständiger Name des fehlerhaften Pakets: opbhobroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: opbhobroker.exe5

Error: (03/21/2015 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 19e0

Startzeit: 01d063bc53091d17

Endzeit: 15

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: eb7dacf2-cfb6-11e4-826b-3010b35a4920

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (04/04/2015 08:30:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/04/2015 08:26:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/04/2015 06:27:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (04/04/2015 05:48:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/04/2015 05:48:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/04/2015 05:27:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/04/2015 05:24:37 PM) (Source: DCOM) (EventID: 10010) (User: LENA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/04/2015 05:07:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Microsoft.BingFoodAndDrink

Error: (04/04/2015 04:52:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240055 fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3035583)

Error: (04/04/2015 04:41:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (04/04/2015 06:50:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1766763801d06eeb9c1aba090C:\Windows\Explorer.EXE9e3f20f2-daea-11e4-826d-3464a97da0d4

Error: (04/04/2015 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: unicobrowser.exe39.0.2132.855097d22chrome.dll39.0.2132.8550978fbc0000005000733e9115801d06edd22e163bbC:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exeC:\Users\Lena\AppData\Local\UnicoBrowser\Application\39.0.2132.8\chrome.dllc5e1ae04-dad0-11e4-826b-3010b35a4920

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13093

Error: (04/03/2015 08:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2015 08:05:06 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/03/2015 08:00:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: LENA)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/21/2015 02:36:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.174164b401d063c493b1e42915C:\Program Files\Internet Explorer\iexplore.exed4865b98-cfc6-11e4-826b-3010b35a4920

Error: (03/21/2015 00:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opbhobroker.exe8.0.1.115335c281unknown0.0.0.000000000c00000050000000000000000140801d063bc571177bcC:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exeunknownf5c6405f-cfb7-11e4-826b-3010b35a4920

Error: (03/21/2015 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1741619e001d063bc53091d1715C:\Program Files\Internet Explorer\iexplore.exeeb7dacf2-cfb6-11e4-826b-3010b35a4920


==================== Memory info =========================== 

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 49%
Total physical RAM: 3528.98 MB
Available physical RAM: 1796.65 MB
Total Pagefile: 4168.98 MB
Available Pagefile: 2008.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.81 GB) (Free:878.68 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.68 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EAD2A2F5)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
ad2

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Lena (administrator) on LENA on 05-04-2015 10:13:32
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena (Available profiles: Lena)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [gmsd_de_370] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}\hqghumeaylnlf.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKLM -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8m
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Google Docs) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (YouTube) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-05]
CHR Extension: (Google Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Browser Good) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdlnhhdbgjcpikdcdnllgdmlonnggaab [2015-04-04]
CHR Extension: (Avast Online Security) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-16] (XTab system)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-04-03] (SysTool PasSame LIMITED)
S2 AtherosSvc; "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 10:13 - 2015-04-05 10:14 - 00017596 _____ () C:\Users\Lena\Desktop\FRST.txt
2015-04-05 10:13 - 2015-04-05 10:13 - 00000000 ____D () C:\FRST
2015-04-05 10:11 - 2015-04-05 10:11 - 02095616 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2015-04-05 10:09 - 2015-04-05 10:09 - 00000470 _____ () C:\Users\Lena\Downloads\defogger_disable.log
2015-04-05 10:09 - 2015-04-05 10:09 - 00000000 _____ () C:\Users\Lena\defogger_reenable
2015-04-05 10:07 - 2015-04-05 10:07 - 00050477 _____ () C:\Users\Lena\Downloads\Defogger.exe
2015-04-05 09:58 - 2015-04-05 09:58 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-05 09:58 - 2015-04-05 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-04 20:28 - 2015-04-04 20:28 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-04 17:53 - 2015-04-04 17:53 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\AVAST Software
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-04 17:52 - 2015-04-04 17:52 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 17:52 - 2015-04-04 17:52 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 17:52 - 2015-04-04 17:52 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 17:52 - 2015-04-04 17:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 17:51 - 2015-04-04 17:51 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 17:50 - 2015-04-04 17:50 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\rddcvtpk.sys
2015-04-04 17:50 - 2015-04-04 17:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 17:41 - 2015-04-04 17:42 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-04-04 17:41 - 2015-04-04 17:41 - 00000000 ____D () C:\Windows\Options
2015-04-04 17:41 - 2013-10-17 02:46 - 03858944 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2015-04-04 17:25 - 2015-04-04 17:25 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:21 - 2015-04-04 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-04 17:16 - 2015-04-04 17:18 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2015-04-04 17:16 - 2015-04-04 17:16 - 00000000 ____D () C:\Users\Lena\AppData\Local\DriverToolkit
2015-04-04 17:06 - 2015-04-04 20:34 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 17:06 - 2015-04-04 17:06 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:51 - 2015-04-04 17:07 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-04 16:12 - 2015-04-04 16:12 - 00000000 ____D () C:\ProgramData\8bdda2ae000015df
2015-04-04 16:07 - 2015-04-04 16:07 - 00003136 _____ () C:\Windows\System32\Tasks\{64880DBA-0167-4B94-A9F5-94125B8E03E8}
2015-04-04 15:52 - 2015-04-04 19:30 - 00000000 ____D () C:\Program Files (x86)\Browser Good
2015-04-04 15:48 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-04 15:41 - 2015-04-04 16:04 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-03 20:10 - 2015-04-03 20:10 - 00000452 _____ () C:\Windows\Tasks\SpeedChecker Update.job
2015-04-03 20:10 - 2015-04-03 20:10 - 00000000 ____D () C:\Users\Lena\Documents\Optimizer Pro
2015-04-03 20:08 - 2015-04-04 15:42 - 00000000 ____D () C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}
2015-04-03 20:03 - 2015-04-04 16:41 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-03 20:02 - 2015-04-03 20:02 - 00000000 ____D () C:\Users\Lena\AppData\Local\Crossbrowse
2015-04-03 20:01 - 2015-04-03 20:01 - 00003152 _____ () C:\Windows\System32\Tasks\Run_Browser
2015-04-03 20:00 - 2015-04-05 09:53 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-03 20:00 - 2015-04-04 19:32 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-03 20:00 - 2015-04-03 20:10 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-03 20:00 - 2015-04-03 20:05 - 00003894 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-04-03 20:00 - 2015-04-03 20:05 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\Users\Lena\AppData\Local\globalUpdate
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-04-03 20:00 - 2015-04-03 20:00 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-04-03 19:59 - 2015-04-03 20:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-03 19:59 - 2015-04-03 20:04 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-03 19:59 - 2015-04-03 20:04 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 19:59 - 2015-04-03 20:04 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 19:59 - 2015-04-03 19:59 - 00003546 _____ () C:\Windows\System32\Tasks\VZZXGN
2015-04-03 19:58 - 2015-04-04 16:07 - 00000000 ____D () C:\ProgramData\LolliScan
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Users\Lena\AppData\Local\Google
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 19:58 - 2015-04-03 19:58 - 00000000 ____D () C:\ProgramData\7b2a98c5c3a9485689cfb0f9c7e387ba
2015-04-03 19:58 - 2015-04-03 19:58 - 00000000 ____D () C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47
2015-04-03 19:43 - 2015-04-03 19:43 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2015-03-26 21:14 - 2015-04-04 19:43 - 00000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT
2015-03-13 18:32 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-13 18:32 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-13 18:32 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-13 18:32 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-13 18:32 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-13 18:31 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 18:31 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 18:31 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 18:31 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 18:31 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 18:31 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-13 18:31 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-13 18:31 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-13 18:31 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-13 18:31 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-13 18:31 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-13 18:31 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-13 18:31 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-13 18:31 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-13 18:31 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-13 18:31 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-13 18:31 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-13 18:31 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-13 18:31 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-13 18:31 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-13 18:31 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-13 18:31 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 18:31 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-13 18:31 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-13 18:31 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 18:31 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-13 18:31 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-13 18:31 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-13 18:31 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-13 18:31 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-13 18:30 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 18:30 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-13 18:30 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 18:30 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 18:30 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 18:30 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 18:30 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 18:30 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 18:30 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 18:30 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-13 18:30 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 18:30 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 18:30 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 18:30 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 18:30 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-13 18:30 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 18:30 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 18:30 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 18:30 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 18:30 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 18:30 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-13 18:30 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 18:30 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 18:30 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 18:30 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-13 18:30 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-13 18:30 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-13 18:30 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-13 18:30 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 18:30 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-13 18:30 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 18:30 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 18:30 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-13 18:30 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-13 18:30 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-13 18:30 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-13 18:30 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-13 18:30 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-13 18:30 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-13 18:29 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-13 18:29 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-13 18:29 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-13 18:29 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-13 18:29 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 18:29 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-09 21:00 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-06 16:08 - 2015-03-06 16:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 10:12 - 2014-12-04 20:31 - 01124839 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 10:09 - 2014-12-04 20:41 - 00000000 ____D () C:\Users\Lena
2015-04-05 10:03 - 2014-12-04 20:47 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3163897636-2943637359-1939516349-1002
2015-04-05 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-05 09:56 - 2014-12-04 20:46 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA146DF6-84F2-44EC-AE01-834C2EFCE954}
2015-04-05 09:53 - 2014-12-04 20:45 - 00000000 __RDO () C:\Users\Lena\OneDrive
2015-04-04 20:32 - 2014-05-07 04:46 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 20:32 - 2014-05-07 04:46 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 20:32 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 20:29 - 2014-09-10 02:45 - 00667834 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-04-04 20:28 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 20:27 - 2013-08-22 16:46 - 00029592 _____ () C:\Windows\setupact.log
2015-04-04 19:14 - 2014-09-10 02:36 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-04 19:14 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-04 18:44 - 2013-08-22 15:25 - 00000226 _____ () C:\Windows\win.ini
2015-04-04 17:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-04 17:41 - 2014-05-06 19:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-04 17:40 - 2014-04-01 03:07 - 00000000 ____D () C:\SWSetup
2015-04-04 17:26 - 2014-09-10 02:38 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-04 17:25 - 2014-03-18 11:44 - 00015490 _____ () C:\Windows\PFRO.log
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-04 17:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-04 16:41 - 2013-10-02 23:14 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-04 16:38 - 2013-08-22 16:44 - 00338016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 16:28 - 2014-05-06 19:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-04 16:28 - 2014-05-06 19:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-04-04 16:27 - 2014-05-06 20:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-04-04 16:26 - 2014-12-06 09:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\hpqlog
2015-04-04 16:23 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-04 16:19 - 2014-09-10 02:35 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-04-04 16:18 - 2014-12-04 20:41 - 00001461 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 16:02 - 2014-09-10 02:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-04-04 16:01 - 2014-09-10 02:50 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-04 16:00 - 2014-05-06 19:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-04-04 15:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\Lena\Documents\Youcam
2015-03-20 18:16 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-13 18:45 - 2014-12-27 17:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 18:43 - 2014-12-27 17:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-26 21:14 - 2015-04-04 19:43 - 0000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\81A289CB-919E-62E2-27CC-59E542698677.dll
C:\Users\Lena\AppData\Local\Temp\optprosetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 16:50

==================== End Of Log ============================
         
--- --- ---



05.04.2015, 11:28   #3
Phiyahless
 



MBAM

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.04.2015
Suchlauf-Zeit: 10:27:33
Logdatei: MBAM1.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.05.01
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lena

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 330926
Verstrichene Zeit: 28 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.Protect, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1464, , [08eda7c19ceeac8ae7a8df0b9f66c33d]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 2104, , [94614d1bee9c0c2a365614fec9398080]

Module: 2
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [6e872345058575c1807c7e4707fc748c], 

Registrierungsschlüssel: 48
PUP.Optional.Protect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [08eda7c19ceeac8ae7a8df0b9f66c33d], 
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [94614d1bee9c0c2a365614fec9398080], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [896cd98f008aff3735d4adc0976c7d83], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [896cd98f008aff3735d4adc0976c7d83], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [896cd98f008aff3735d4adc0976c7d83], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [9b5a9fc98802270fb0e6fc3cb64d30d0], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [9b5a9fc98802270fb0e6fc3cb64d30d0], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [9b5a9fc98802270fb0e6fc3cb64d30d0], 
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\LolliScan, , [6293bcac2d5dd95d8c89fec2b15218e8], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\Browser Good, , [3bbaee7abcceb581daac3395eb189c64], 
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\WOW6432NODE\Crossbrowse, , [6e874226e4a691a5c06811a5fb08639d], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [80755d0b602a75c107f421a4df2412ee], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [e2131c4ce4a60b2b2802ec1c16ee936d], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [a35274f477131b1b1e9bb22a11f2bb45], 
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\WOW6432NODE\LolliScan, , [39bca4c41e6cdc5a977ed6ea56ad2bd5], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, , [6d88f177f99177bf8d917e44bb4839c7], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, , [d91c491f98f2a98deab3fde5e91ab64a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [05f099cfbcce6bcb4aaf8b33d033a957], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [0ee7a3c53654e94d8771c0fed82b44bc], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [c33263054f3b0b2bad6b01cdd52e4eb2], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [39bc1454187258dea84e6b530bf88080], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [b83d4127593186b09a725ae532d3da26], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [44b19ccc7c0ebb7b4cc163dc8184fd03], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [a55012569ded48eeb965ecef61a29f61], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, , [7382cc9cc2c8290d903065e3f213cd33], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [6095c1a7335777bfbfef6a66e41f21df], 
PUP.Optional.ICinema.A, HKU\S-1-5-18\SOFTWARE\I - Cinema-nv, , [a84d07614e3cd95d0927f4e917ecd729], 
PUP.Optional.ICinema.A, HKU\S-1-5-18\SOFTWARE\I - Cinema-nv-ie, , [2fc6bbad2b5f1e185fd1607d758e926e], 
PUP.Optional.BrowserGood.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\Browser Good, , [4fa6e8802f5b92a46f18d7f1ef146c94], 
PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\Crossbrowse, , [a4513137d4b6ba7c81a6ded8679c4bb5], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\HomeTab, , [b144f474b3d7e35307b77379cb3825db], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\I - Cinema-nv-ie, , [d81da6c29af0df571b1506d7bc4710f0], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\I-Cinema, , [b04580e8fd8de254710249929172c040], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\SearchProtectWS, , [92637bed098175c15e9d05b9db287090], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\TNT2, , [7580e286cac031058e43a61ace35db25], 
PUP.Optional.UnicoBrowser.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\UnicoBrowser, , [1adbd494a1e97eb82ba9fdb9649f15eb], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\WajIntEnhance, , [b441fb6d24665ed84fd0685a0df632ce], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [599c5216850541f5c2652f028382a55b], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [b441b3b5cfbbd264a5821525838259a7], 
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, , [d223145405859b9b529b496ced1649b7], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [5a9b69ff0981b086fa284b7023e0a060], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [7c7976f2cdbd280ee142b3088b78b749], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [9f56ce9a5c2e60d6b27205b6897a55ab], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [52a31751048642f4d74ea219996a37c9], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [a84d8fd963275fd78a9c5d5e31d246ba], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, , [f500b8b055355dd9a552f2cce71cda26], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44b1c6a2652560d6986ea7f0c93a52ae], 

Registrierungswerte: 14
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}, , [0fe65a0ed0ba0d29cc74ae9d679ec13f]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [d91c491f98f2a98deab3fde5e91ab64a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}, , [e2135b0d7d0d82b42020381309fc5ca4]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_370, , [4ea75a0e3c4e092db7f06d5d3bc88779], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, , [a55012569ded48eeb965ecef61a29f61]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 47436038-CE1B-4D12-BEDA-F5237611F7AF, , [7382cc9cc2c8290d903065e3f213cd33]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, , [d223145405859b9b529b496ced1649b7]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}, , [5e9727415535c86e66d9b5961bea56aa]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}, , [b4411553365441f5d966a4a7d82dcf31]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.istartsurf.com//favicon.ico, , [8e67c1a728622a0c0936391245c0649c]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}, , [0de89fc907834ee897a8e06b21e4bd43]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}, , [b63fbdab286251e5be81e269679e11ef]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}, , [a45181e754363204ca7557f454b1af51]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EE60B551-6ECC-4D1A-900A-974375B39DDC}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}, , [be372345325873c39aa5d97258ad8b75]

Registrierungsdaten: 7
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX),,[44b140288efcae88f65a529b44c121df]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}),,[cf26c2a65f2b6cca4d836b8062a351af]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX),,[17de234590fa280e13bdb338788d7090]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX),,[4ea71f49117956e024ac30bb5aabaa56]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}),,[0beadd8ba0ea51e5cc0405e6877e8878]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[579e79ef7515e84e6461e90e21e42cd4]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1428083957&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX),,[04f16107305ae056c68a19d423e219e7]

Ordner: 100
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [5b9af3752e5cfb3b7745cbcac04329d7], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [5b9af3752e5cfb3b7745cbcac04329d7], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\plugins, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\TEMP, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [23d26107e3a7af8775ded3d93bc846ba], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [23d26107e3a7af8775ded3d93bc846ba], 
PUP.Optional.BrowserGood.A, C:\Users\Lena\AppData\Local\Temp\Browser Good, , [e60f74f45e2c71c55697cfe05aa99c64], 
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan, , [09ec5c0c22681026dd6fe2ce679c22de], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension Rules, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\css, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\html, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\bg, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ca, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\cs, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\da, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\de, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\el, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en_GB, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es_419, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\et, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fi, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fil, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fr, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hi, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hr, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hu, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\id, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\it, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ja, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ko, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lt, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lv, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nb, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nl, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pl, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_BR, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_PT, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ro, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Session Storage, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\GPUCache, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\JumpListIcons, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\JumpListIconsOld, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage, , [1cd9c8a00288eb4bf474feb604ffea16], 

Dateien: 238
PUP.Optional.Protect, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [08eda7c19ceeac8ae7a8df0b9f66c33d], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, , [94614d1bee9c0c2a365614fec9398080], 
PUP.Optional.JellySplit.Gen, C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47\4d0801eee76440b5aa8e9e9bd8f25f47.exe, , [14e16dfbd1b9a88e2c9554e7e121ba46], 
PUP.Optional.OptimizerPro, C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}\hqghumeaylnlf.exe, , [1adb51173c4ed0666d5ab68ab44e9b65], 
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [f8fda2c6375347ef39290b6440c0c040], 
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [5e974523d5b582b494ce026df010eb15], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\CmdShell.exe, , [3cb906627c0e2511f29f4f9ba56056aa], 
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, , [d5202d3bcbbfed495d2a6cc7966c926e], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [46af3632ed9d7fb7abe576744db86b95], 
PUP.Optional.SystemNotifier.A, C:\Users\Lena\AppData\Local\Temp\445b8bd4-42a8-4066-9935-0194163e6589\mini_installer.exe, , [0ee7036599f16cca98a645ec917557a9], 
PUP.Optional.Clara.A, C:\Users\Lena\AppData\Local\Temp\648f18bd-a7b4-474c-b6d5-7fcc9b65550f\unicobrowser.exe, , [d124c1a7e4a6f442065319c8ac55ac54], 
PUP.Optional.CrossRider, C:\Users\Lena\AppData\Local\Temp\DwlTempFolder\temp.exe, , [f4011c4c71190b2bb60b05dd4ab7926e], 
PUP.Optional.IStartsurf.A, C:\Users\Lena\AppData\Local\Temp\b0df2015-8e2b-4c21-a386-47113d051295\lly_istartsurf.exe, , [3fb6c4a41c6e1323697e949c3cca37c9], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, , [6e872345058575c1807c7e4707fc748c], 
PUP.Optional.SpeedChecker.A, C:\Windows\Tasks\SpeedChecker Update.job, , [2fc6cb9df89239fdee4536a1ae557a86], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, , [17de8fd953370630dd301b2222e3f30d], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, , [a45165039befbf77d8360a3394714fb1], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, , [10e5571137530c2a739c15282bda9d63], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, , [2fc6a1c7fd8d989e937d221b23e2857b], 
PUP.Optional.IStartSurf.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage, , [40b5194f84063ff7a60aab9dfa0b926e], 
PUP.Optional.IStartSurf.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal, , [b63fa8c0a2e893a3cbe52424a560f20e], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [5b9af3752e5cfb3b7745cbcac04329d7], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\GoogleCrashHandler.exe, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\GoogleUpdate.exe, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\GoogleUpdateBroker.exe, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\GoogleUpdateHelper.msi, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\GoogleUpdateOnDemand.exe, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\goopdate.dll, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\goopdateres_en.dll, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\npGoogleUpdate4.dll, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\psmachine.dll, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.278745\psuser.dll, , [44b1c6a2652560d6986ea7f0c93a52ae], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\GoogleCrashHandler.exe, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\GoogleUpdate.exe, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\GoogleUpdateBroker.exe, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\GoogleUpdateHelper.msi, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\GoogleUpdateOnDemand.exe, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\goopdate.dll, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\goopdateres_en.dll, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\npGoogleUpdate4.dll, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\psmachine.dll, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.358203\psuser.dll, , [d5208fd9d3b7e0566b9bb4e39f64ab55], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\BrowserGood.ico, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\gdlnhhdbgjcpikdcdnllgdmlonnggaab.crx, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\updateBrowserGood.InstallState, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserAdapter.7z, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\7za.exe, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.zip, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserGood.PurBrowseG.zip, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\eula.txt, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\sqlite3.dll, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.InstallState, , [a45170f85733da5c5fcd00aa41c2a55b], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [23d26107e3a7af8775ded3d93bc846ba], 
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\SoftConfigTest.exe, , [09ec5c0c22681026dd6fe2ce679c22de], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\chrome.dat, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\First Run, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Local State, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cookies, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cookies-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Session, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Tabs, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Favicons, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Favicons-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Google Profile.ico, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Preferences, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\README, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Secure Preferences, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Shortcuts, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Shortcuts-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Top Sites, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Top Sites-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Visited Links, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Web Data, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Web Data-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\History, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\History Provider Cache, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\History-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Session, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Tabs, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Login Data, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Login Data-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Network Action Predictor, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Network Action Predictor-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache\data_0, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache\data_1, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache\data_2, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache\data_3, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache\index, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension Rules\000006.log, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension Rules\CURRENT, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension Rules\LOCK, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension Rules\LOG, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension Rules\LOG.old, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension Rules\MANIFEST-000004, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State\000005.ldb, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State\000006.log, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State\CURRENT, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State\LOCK, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State\LOG, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State\LOG.old, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extension State\MANIFEST-000004, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\craw_background.js, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\craw_window.js, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\manifest.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\css\craw_window.css, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\html\craw_window.html, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\flapper.gif, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\icon_128.png, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\icon_16.png, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button.png, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_close.png, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_hover.png, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_maximize.png, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_pressed.png, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\bg\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ca\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\cs\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\da\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\de\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\el\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en_GB\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es_419\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\et\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fi\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fil\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fr\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hi\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hr\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hu\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\id\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\it\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ja\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ko\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lt\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lv\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nb\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nl\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pl\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_BR\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_PT\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ro\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW\messages.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata\verified_contents.json, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Session Storage\000005.log, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Session Storage\CURRENT, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Session Storage\LOCK, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Session Storage\LOG, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Session Storage\LOG.old, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Session Storage\MANIFEST-000004, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\GPUCache\data_0, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\GPUCache\data_1, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\GPUCache\data_2, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\GPUCache\data_3, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\GPUCache\index, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\JumpListIcons\F946.tmp, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\JumpListIcons\F947.tmp, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\JumpListIcons\F948.tmp, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\JumpListIconsOld\999E.tmp, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\JumpListIconsOld\999F.tmp, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000006.log, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\CURRENT, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG.old, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000004, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, , [1cd9c8a00288eb4bf474feb604ffea16], 
PUP.Optional.Crossbrowse.C, C:\Users\Lena\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal, , [1cd9c8a00288eb4bf474feb604ffea16], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
__________________

05.04.2015, 11:33   #4
M-K-D-B
/// TB instructor
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:
This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!




Have MBAM remove all detections, post the log file from that, then do the following:





Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).






Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 3
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.






With your next reply, please post
  • the AdwCleaner log file,
  • the JRT log file,
  • the two new FRST log files.
__________________
Regards
M-K-D-B




05.04.2015, 16:28   #5
Phiyahless
 



Hello Matthias,

thanks for taking me on..

Everything has been done in order and no problems came up, so here are the log files

AdwCleaner

Code:
# AdwCleaner v4.200 - Bericht erstellt 05/04/2015 um 15:56:54
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Lena - LENA
# Gestarted von : C:\Users\Lena\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\8bdda2ae000015df
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\DriverToolkit
Ordner Gelöscht : C:\Users\Lena\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Lena\AppData\Local\DriverToolkit
Ordner Gelöscht : C:\Users\Lena\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\8928cbbb-f3d6-1a22-7148-fc8b3660ed16
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Wnkey
Schlüssel Gelöscht : HKCU\Software\DriverToolkit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v41.0.2272.118

[C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&ts=1428084035&type=default&q={searchTerms}
[C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=dspp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
[C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=dspp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX&q={searchTerms}
[C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.istartsurf.com/?type=hppp&ts=1428084012&from=tugs&uid=HGSTXHTS541010A9E680_JA100C103U7YKV3U7YKVX
[C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] : 

*************************

AdwCleaner[R0].txt - [27753 Bytes] - [05/04/2015 15:52:39]
AdwCleaner[S0].txt - [9654 Bytes] - [05/04/2015 15:56:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9713  Bytes] ##########
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8.1 x64
Ran by Lena on 05.04.2015 at 16:03:57,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}



~~~ Files

Successfully deleted: [File] "C:\Users\Lena\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Lena\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] C:\Windows\prefetch\DRIVERTOOLKIT.EXE-0EC65877.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERTOOLKITINSTALLER.TMP-257C8F87.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERTOOLKITINSTALLER.TMP-9E6D1579.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.04.2015 at 16:12:48,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Lena (administrator) on LENA on 05-04-2015 16:19:21
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena (Available profiles: Lena)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}\hqghumeaylnlf.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 AtherosSvc; "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 16:19 - 2015-04-05 16:19 - 00012033 _____ () C:\Users\Lena\Desktop\FRST.txt
2015-04-05 16:17 - 2015-04-05 16:17 - 00001596 _____ () C:\Users\Lena\Desktop\JRT1.txt
2015-04-05 16:12 - 2015-04-05 16:12 - 00001596 _____ () C:\Users\Lena\Desktop\JRT.txt
2015-04-05 16:04 - 2015-04-05 16:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LENA-Windows-8.1-(64-bit).dat
2015-04-05 16:04 - 2015-04-05 16:04 - 00000000 ____D () C:\RegBackup
2015-04-05 16:01 - 2015-04-05 16:01 - 02690981 _____ (Thisisu) C:\Users\Lena\Desktop\JRT.exe
2015-04-05 15:59 - 2015-04-05 15:59 - 00009813 _____ () C:\Users\Lena\Desktop\AdwCleaner[S0]1.txt
2015-04-05 15:56 - 2015-04-05 15:56 - 00027753 _____ () C:\Users\Lena\Desktop\AdwCleaner[R0].txt
2015-04-05 15:52 - 2015-04-05 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-05 15:51 - 2015-04-05 15:51 - 02208768 _____ () C:\Users\Lena\Desktop\AdwCleaner_4.200.exe
2015-04-05 15:50 - 2015-04-05 15:50 - 00073122 _____ () C:\Users\Lena\Desktop\MBAMsl.txt
2015-04-05 10:27 - 2015-04-05 15:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 10:26 - 2015-04-05 10:26 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-05 10:26 - 2015-04-05 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-05 10:26 - 2015-04-05 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-05 10:26 - 2015-04-05 10:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-05 10:26 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-05 10:26 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-05 10:26 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 10:24 - 2015-04-05 10:24 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Lena\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-05 10:20 - 2015-04-05 10:20 - 00380416 _____ () C:\Users\Lena\Desktop\Gmer-19357.exe
2015-04-05 10:13 - 2015-04-05 16:19 - 00000000 ____D () C:\FRST
2015-04-05 10:11 - 2015-04-05 10:11 - 02095616 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2015-04-05 10:09 - 2015-04-05 10:09 - 00000470 _____ () C:\Users\Lena\Downloads\defogger_disable.log
2015-04-05 10:09 - 2015-04-05 10:09 - 00000000 _____ () C:\Users\Lena\defogger_reenable
2015-04-05 10:07 - 2015-04-05 10:07 - 00050477 _____ () C:\Users\Lena\Downloads\Defogger.exe
2015-04-05 09:58 - 2015-04-05 09:58 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-05 09:58 - 2015-04-05 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-04 20:28 - 2015-04-04 20:28 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-04 17:53 - 2015-04-04 17:53 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\AVAST Software
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-04 17:52 - 2015-04-04 17:52 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 17:52 - 2015-04-04 17:52 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 17:52 - 2015-04-04 17:52 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 17:52 - 2015-04-04 17:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 17:51 - 2015-04-04 17:51 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 17:50 - 2015-04-04 17:50 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\rddcvtpk.sys
2015-04-04 17:50 - 2015-04-04 17:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 17:41 - 2015-04-04 17:42 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-04-04 17:41 - 2015-04-04 17:41 - 00000000 ____D () C:\Windows\Options
2015-04-04 17:41 - 2013-10-17 02:46 - 03858944 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2015-04-04 17:25 - 2015-04-04 17:25 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:21 - 2015-04-04 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-04 17:06 - 2015-04-04 20:34 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 17:06 - 2015-04-04 17:06 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:51 - 2015-04-04 17:07 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-04 16:07 - 2015-04-04 16:07 - 00003136 _____ () C:\Windows\System32\Tasks\{64880DBA-0167-4B94-A9F5-94125B8E03E8}
2015-04-04 15:48 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-04 15:41 - 2015-04-04 16:04 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-03 20:08 - 2015-04-05 15:42 - 00000000 ____D () C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}
2015-04-03 20:03 - 2015-04-04 16:41 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-03 20:01 - 2015-04-03 20:01 - 00003152 _____ () C:\Windows\System32\Tasks\Run_Browser
2015-04-03 19:59 - 2015-04-03 20:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-03 19:59 - 2015-04-03 20:04 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-03 19:59 - 2015-04-03 20:04 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 19:59 - 2015-04-03 20:04 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 19:59 - 2015-04-03 19:59 - 00003546 _____ () C:\Windows\System32\Tasks\VZZXGN
2015-04-03 19:58 - 2015-04-05 15:42 - 00000000 ____D () C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Users\Lena\AppData\Local\Google
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 19:58 - 2015-04-03 19:58 - 00000000 ____D () C:\ProgramData\7b2a98c5c3a9485689cfb0f9c7e387ba
2015-04-03 19:43 - 2015-04-03 19:43 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2015-03-26 21:14 - 2015-04-04 19:43 - 00000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT
2015-03-13 18:32 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-13 18:32 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-13 18:32 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-13 18:32 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-13 18:32 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-13 18:31 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 18:31 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 18:31 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 18:31 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 18:31 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 18:31 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-13 18:31 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-13 18:31 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-13 18:31 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-13 18:31 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-13 18:31 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-13 18:31 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-13 18:31 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-13 18:31 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-13 18:31 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-13 18:31 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-13 18:31 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-13 18:31 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-13 18:31 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-13 18:31 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-13 18:31 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-13 18:31 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 18:31 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-13 18:31 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-13 18:31 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 18:31 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-13 18:31 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-13 18:31 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-13 18:31 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-13 18:31 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-13 18:30 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 18:30 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-13 18:30 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 18:30 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 18:30 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 18:30 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 18:30 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 18:30 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 18:30 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 18:30 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-13 18:30 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 18:30 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 18:30 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 18:30 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 18:30 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-13 18:30 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 18:30 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 18:30 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 18:30 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 18:30 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 18:30 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-13 18:30 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 18:30 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 18:30 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 18:30 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-13 18:30 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-13 18:30 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-13 18:30 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-13 18:30 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 18:30 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-13 18:30 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 18:30 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 18:30 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-13 18:30 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-13 18:30 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-13 18:30 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-13 18:30 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-13 18:30 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-13 18:30 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-13 18:29 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-13 18:29 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-13 18:29 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-13 18:29 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-13 18:29 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 18:29 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-09 21:00 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-06 16:08 - 2015-03-06 16:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 16:15 - 2014-12-04 20:46 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA146DF6-84F2-44EC-AE01-834C2EFCE954}
2015-04-05 16:12 - 2014-12-04 20:47 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3163897636-2943637359-1939516349-1002
2015-04-05 16:02 - 2014-05-07 04:46 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-04-05 16:02 - 2014-05-07 04:46 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-04-05 16:02 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 16:00 - 2014-12-04 20:45 - 00000000 ___DO () C:\Users\Lena\OneDrive
2015-04-05 16:00 - 2014-09-10 02:45 - 00733140 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-04-05 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-05 15:57 - 2014-09-10 02:36 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-05 15:57 - 2014-03-18 11:44 - 00122222 _____ () C:\Windows\PFRO.log
2015-04-05 15:57 - 2013-08-22 16:46 - 00029824 _____ () C:\Windows\setupact.log
2015-04-05 15:57 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 15:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-05 15:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-05 15:31 - 2014-12-04 20:31 - 01155242 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-05 10:09 - 2014-12-04 20:41 - 00000000 ____D () C:\Users\Lena
2015-04-04 18:44 - 2013-08-22 15:25 - 00000226 _____ () C:\Windows\win.ini
2015-04-04 17:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-04 17:41 - 2014-05-06 19:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-04 17:40 - 2014-04-01 03:07 - 00000000 ____D () C:\SWSetup
2015-04-04 17:26 - 2014-09-10 02:38 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-04 17:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-04 16:41 - 2013-10-02 23:14 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-04 16:38 - 2013-08-22 16:44 - 00338016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 16:28 - 2014-05-06 19:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-04 16:28 - 2014-05-06 19:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-04-04 16:27 - 2014-05-06 20:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-04-04 16:26 - 2014-12-06 09:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\hpqlog
2015-04-04 16:23 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-04 16:19 - 2014-09-10 02:35 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-04-04 16:18 - 2014-12-04 20:41 - 00001461 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 16:02 - 2014-09-10 02:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-04-04 16:01 - 2014-09-10 02:50 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-04 16:00 - 2014-05-06 19:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-04-04 15:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\Lena\Documents\Youcam
2015-03-20 18:16 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-13 18:45 - 2014-12-27 17:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 18:43 - 2014-12-27 17:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-26 21:14 - 2015-04-04 19:43 - 0000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\81A289CB-919E-62E2-27CC-59E542698677.dll
C:\Users\Lena\AppData\Local\Temp\optprosetup.exe
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 16:50

==================== End Of Log ============================
         
--- --- ---


and FRST Additional

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lena at 2015-04-05 16:20:33
Running from C:\Users\Lena\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-03-2015 18:33:15 Windows Update
04-04-2015 15:50:25 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08E6DAD9-A9E4-4038-B4FC-BD53D8CB5719} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0E72D7A4-B9F8-45FD-98E0-A1F36A1A7A08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {0FDAE9A2-92E2-4570-A1BB-18EFDFAD84EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {1DEC50FB-2955-42BC-9D6A-0E3BF5C4C9AA} - System32\Tasks\Run_Browser => C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
Task: {46C58825-2772-4A0E-8884-7F3D09A62E14} - System32\Tasks\VZZXGN => C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47\4d0801eee76440b5aa8e9e9bd8f25f47.exe
Task: {54C95428-DC2A-4849-BFD0-8207330992A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {6A02997A-7A0E-4CFF-9441-30302A1BD392} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {90F7F862-9086-4FB5-BB72-257F3FC33904} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3C0A0C6-790F-467A-8620-52CCA4E6867F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AF19EF05-DFB3-4015-ABD2-CAEA45303F4F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D22A7EBF-F927-4984-AACD-2421AC4AB263} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {D81196DE-41D0-4C4D-889B-5510AA787960} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {EE3680BB-A3D8-4FDA-93D0-E97956E362C4} - System32\Tasks\{64880DBA-0167-4B94-A9F5-94125B8E03E8} => pcalua.exe -a C:\Users\Lena\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLena.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-17 15:38 - 2014-04-17 15:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 15:37 - 2014-04-17 15:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-05 10:01 - 2015-04-05 10:01 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040500\algo.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lena\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lena\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Fotogalerie-Hintergrundbild.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"

==================== Accounts: =============================

Administrator (S-1-5-21-3163897636-2943637359-1939516349-500 - Administrator - Disabled)
Gast (S-1-5-21-3163897636-2943637359-1939516349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3163897636-2943637359-1939516349-1004 - Limited - Enabled)
Lena (S-1-5-21-3163897636-2943637359-1939516349-1002 - Administrator - Enabled) => C:\Users\Lena

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 28%
Total physical RAM: 3528.98 MB
Available physical RAM: 2526.13 MB
Total Pagefile: 4168.98 MB
Available Pagefile: 3118.38 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.81 GB) (Free:878.48 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.68 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EAD2A2F5)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


06.04.2015, 09:42   #6
M-K-D-B
/// TB Trainer
 



Step 1
Press the Windows key + R and type notepad in the Run window.

Now copy the following text from the code box into the empty text document:


Code:
start
CloseProcesses:
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}\hqghumeaylnlf.exe (No File)
C:\ProgramData\{9bb832fb-83cc-0e4c-9bb8-832fb83ccbee}
Task: {46C58825-2772-4A0E-8884-7F3D09A62E14} - System32\Tasks\VZZXGN => C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47\4d0801eee76440b5aa8e9e9bd8f25f47.exe
C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47
C:\ProgramData\7b2a98c5c3a9485689cfb0f9c7e387ba
Task: {1DEC50FB-2955-42BC-9D6A-0E3BF5C4C9AA} - System32\Tasks\Run_Browser => C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
C:\Users\Lena\AppData\Local\UnicoBrowser
Task: {EE3680BB-A3D8-4FDA-93D0-E97956E362C4} - System32\Tasks\{64880DBA-0167-4B94-A9F5-94125B8E03E8} => pcalua.exe -a C:\Users\Lena\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
C:\Users\Lena\AppData\Roaming\istartsurf
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
RemoveProxy:
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
  • Disable your antivirus program.
  • Go to the folder C:\FRST\Quarantine.
  • Right-click the Quarantine folder and choose > Send to > Compressed (zipped) folder.
  • A zip file named Quarantine.zip is created in the FRST folder.
  • Upload Quarantine.zip in the upload channel.
  • To do so, click Browse, navigate to the zip file ( C:\FRST\Quarantine.zip ) and click Open.
  • Finally, click Upload.
  • Thank you very much for your help.
  • Re-enable your antivirus program.

Step 3
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :folderfind
    *istartsurf*
    *UnicoBrowser*
    *DriverToolkit*
    *Optimizer Pro*
    
    :regfind
    istartsurf
    UnicoBrowser
    DriverToolkit
    Optimizer Pro
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan is finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

Step 4
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Please post with your next reply
  • the log file of the FRST fix,
  • feedback regarding the upload,
  • the SystemLook log file,
  • the two new FRST log files.

06.04.2015, 10:28   #7
Phiyahless
 



Hi

Many, many thanks for your help so far.

The upload worked and everything else ran flawlessly too.
Tell me, what exactly is it infected with? Of course I also look at what I'm producing here and engage with it, but naturally I can't read as much from it as you can.

In one of the log files I also saw quite a few path entries from Crossbrowse, and with SystemLook I wondered whether that couldn't be added there as well. Or does Crossbrowse belong to this Unicobrowser?

Now the log files

FRST Fixlog
Code:
:folderfind
*istartsurf*
*UnicoBrowser*
*DriverToolkit*
*Optimizer Pro*

:regfind
istartsurf
UnicoBrowser
DriverToolkit
Optimizer Pro
         
SystemLook
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 10:07 on 06/04/2015 by Lena
Administrator - Elevation successful

========== folderfind ==========

Searching for "*istartsurf*"
No folders found.

Searching for "*UnicoBrowser*"
No folders found.

Searching for "*DriverToolkit*"
No folders found.

Searching for "*Optimizer Pro*"
C:\AdwCleaner\Quarantine\C\Users\Lena\Documents\Optimizer Pro	d------	[13:56 05/04/2015]

========== regfind ==========

Searching for "istartsurf"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Lena\AppData\Roaming\istartsurf\UninstallManager.exe"="$ WinBlueRTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="istartsurf"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Lena\AppData\Roaming\istartsurf\UninstallManager.exe"="$ WinBlueRTM"

Searching for "UnicoBrowser"
[HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE\.exe\shell\open\command]
@=""C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" %*"
[HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE\.exe\shell\opennewwindow\command]
@=""C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" %*"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE\.exe\shell\open\command]
@=""C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" %*"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE\.exe\shell\opennewwindow\command]
@=""C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" %*"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002_Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE\.exe\shell\open\command]
@=""C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" %*"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002_Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE\.exe\shell\opennewwindow\command]
@=""C:\Users\Lena\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" %*"

Searching for "DriverToolkit"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"18"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit\DriverToolkit.lnk C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\DriverToolkitInstaller.exe.FriendlyAppName"="DriverToolkit Setup"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\DriverToolkitInstaller.exe.ApplicationCompany"="Megaify Software"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"18"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit\DriverToolkit.lnk C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\DriverToolkitInstaller.exe.FriendlyAppName"="DriverToolkit Setup"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\DriverToolkitInstaller.exe.ApplicationCompany"="Megaify Software"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\DriverToolkitInstaller.exe.FriendlyAppName"="DriverToolkit Setup"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\DriverToolkitInstaller.exe.ApplicationCompany"="Megaify Software"

Searching for "Optimizer Pro"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"4"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Nach Updates suchen.lnk C:\Program Files (x86)\Optimizer Pro 3.75\OptimizerPro.exe  /checkupdate"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"5"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro entfernen.lnk C:\Program Files (x86)\Optimizer Pro 3.75\unins000.exe  /VERYSILENT"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"4"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Nach Updates suchen.lnk C:\Program Files (x86)\Optimizer Pro 3.75\OptimizerPro.exe  /checkupdate"
[HKEY_USERS\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"5"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro entfernen.lnk C:\Program Files (x86)\Optimizer Pro 3.75\unins000.exe  /VERYSILENT"

-= EOF =-
         
FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Lena (administrator) on LENA on 06-04-2015 10:13:02
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena (Available profiles: Lena)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-05]
CHR Extension: (Avast Online Security) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 AtherosSvc; "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 10:12 - 2015-04-06 10:12 - 00010150 _____ () C:\Users\Lena\Desktop\SystemLook.txt
2015-04-06 10:07 - 2015-04-06 10:11 - 00010148 _____ () C:\Users\Lena\Downloads\SystemLook.txt
2015-04-06 10:06 - 2015-04-06 10:07 - 00165376 _____ () C:\Users\Lena\Downloads\SystemLook_x64.exe
2015-04-06 09:54 - 2015-04-06 09:54 - 00014219 _____ () C:\Users\Lena\Desktop\Addition.txt
2015-04-06 09:52 - 2015-04-06 10:13 - 00012244 _____ () C:\Users\Lena\Desktop\FRST.txt
2015-04-06 09:50 - 2015-04-06 09:50 - 02095616 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2015-04-05 20:12 - 2015-04-06 10:12 - 00079460 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 20:10 - 2015-04-06 09:59 - 00000232 _____ () C:\Windows\setupact.log
2015-04-05 20:10 - 2015-04-05 20:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-05 20:09 - 2015-04-05 20:09 - 00000802 _____ () C:\Windows\PFRO.log
2015-04-05 20:03 - 2015-04-05 20:03 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-05 20:03 - 2015-04-05 20:03 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-05 16:04 - 2015-04-05 16:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LENA-Windows-8.1-(64-bit).dat
2015-04-05 16:04 - 2015-04-05 16:04 - 00000000 ____D () C:\RegBackup
2015-04-05 15:52 - 2015-04-05 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-05 10:27 - 2015-04-05 20:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 10:26 - 2015-04-05 10:26 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-05 10:26 - 2015-04-05 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-05 10:26 - 2015-04-05 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-05 10:26 - 2015-04-05 10:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-05 10:26 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-05 10:26 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-05 10:26 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 10:13 - 2015-04-06 10:13 - 00000000 ____D () C:\FRST
2015-04-05 10:09 - 2015-04-05 10:09 - 00000470 _____ () C:\Users\Lena\Downloads\defogger_disable.log
2015-04-05 10:09 - 2015-04-05 10:09 - 00000000 _____ () C:\Users\Lena\defogger_reenable
2015-04-05 10:07 - 2015-04-05 10:07 - 00050477 _____ () C:\Users\Lena\Downloads\Defogger.exe
2015-04-05 09:58 - 2015-04-05 09:58 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-05 09:58 - 2015-04-05 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-04 20:28 - 2015-04-06 09:59 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-04 17:53 - 2015-04-04 17:53 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\AVAST Software
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-04 17:52 - 2015-04-04 17:52 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 17:52 - 2015-04-04 17:52 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 17:52 - 2015-04-04 17:52 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 17:52 - 2015-04-04 17:52 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 17:52 - 2015-04-04 17:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 17:51 - 2015-04-04 17:51 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 17:50 - 2015-04-04 17:50 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\rddcvtpk.sys
2015-04-04 17:50 - 2015-04-04 17:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 17:41 - 2015-04-04 17:42 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-04-04 17:41 - 2015-04-04 17:41 - 00000000 ____D () C:\Windows\Options
2015-04-04 17:41 - 2013-10-17 02:46 - 03858944 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:22 - 2015-04-04 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 17:21 - 2015-04-04 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-04 17:06 - 2015-04-04 20:34 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 17:06 - 2015-04-04 17:06 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:51 - 2015-04-04 17:07 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-04 15:48 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-04 15:48 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-04 15:41 - 2015-04-04 16:04 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-03 20:03 - 2015-04-04 16:41 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-03 19:59 - 2015-04-03 20:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-03 19:59 - 2015-04-03 20:04 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-03 19:59 - 2015-04-03 20:04 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 19:59 - 2015-04-03 20:04 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Users\Lena\AppData\Local\Google
2015-04-03 19:58 - 2015-04-03 20:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 19:43 - 2015-04-03 19:43 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2015-03-26 21:14 - 2015-04-04 19:43 - 00000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT
2015-03-13 18:32 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-13 18:32 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-13 18:32 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-13 18:32 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-13 18:32 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-13 18:32 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-13 18:31 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 18:31 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 18:31 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 18:31 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 18:31 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 18:31 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 18:31 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-13 18:31 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-13 18:31 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-13 18:31 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-13 18:31 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-13 18:31 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-13 18:31 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-13 18:31 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-13 18:31 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-13 18:31 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-13 18:31 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-13 18:31 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-13 18:31 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-13 18:31 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-13 18:31 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-13 18:31 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-13 18:31 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-13 18:31 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-13 18:31 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-13 18:31 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-13 18:31 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 18:31 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-13 18:31 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 18:31 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-13 18:31 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 18:31 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 18:31 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-13 18:31 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-13 18:31 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-13 18:31 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-13 18:31 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-13 18:31 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-13 18:31 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-13 18:31 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-13 18:31 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-13 18:30 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 18:30 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 18:30 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-13 18:30 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 18:30 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 18:30 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 18:30 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 18:30 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 18:30 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 18:30 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 18:30 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 18:30 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-13 18:30 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-13 18:30 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 18:30 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 18:30 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 18:30 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 18:30 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 18:30 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-13 18:30 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-13 18:30 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 18:30 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-13 18:30 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 18:30 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 18:30 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 18:30 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 18:30 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 18:30 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 18:30 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-13 18:30 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 18:30 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 18:30 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 18:30 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-13 18:30 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-13 18:30 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-13 18:30 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-13 18:30 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-13 18:30 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 18:30 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-13 18:30 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-13 18:30 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-13 18:30 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 18:30 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-13 18:30 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-13 18:30 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-13 18:30 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 18:30 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 18:30 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-13 18:30 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-13 18:30 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-13 18:30 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-13 18:30 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-13 18:30 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-13 18:30 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-13 18:30 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-13 18:29 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-13 18:29 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-13 18:29 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 18:29 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-13 18:29 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-13 18:29 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 18:29 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-09 21:00 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 10:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-06 10:03 - 2014-05-07 04:46 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-04-06 10:03 - 2014-05-07 04:46 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-04-06 10:03 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 10:00 - 2014-12-04 20:45 - 00000000 ___DO () C:\Users\Lena\OneDrive
2015-04-06 10:00 - 2014-09-10 02:45 - 00832227 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-04-06 09:59 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 09:58 - 2014-09-10 02:36 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-06 09:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-06 09:58 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-06 09:50 - 2014-12-04 20:46 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA146DF6-84F2-44EC-AE01-834C2EFCE954}
2015-04-05 20:06 - 2014-04-02 12:25 - 00000000 ____D () C:\Windows\Panther
2015-04-05 16:12 - 2014-12-04 20:47 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3163897636-2943637359-1939516349-1002
2015-04-05 15:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-05 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-05 10:09 - 2014-12-04 20:41 - 00000000 ____D () C:\Users\Lena
2015-04-04 18:44 - 2013-08-22 15:25 - 00000226 _____ () C:\Windows\win.ini
2015-04-04 17:41 - 2014-05-06 19:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-04 17:40 - 2014-04-01 03:07 - 00000000 ____D () C:\SWSetup
2015-04-04 17:26 - 2014-09-10 02:38 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-04 17:07 - 2014-12-27 17:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-04 17:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-04 16:41 - 2013-10-02 23:14 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-04 16:39 - 2014-09-10 02:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-04 16:38 - 2013-08-22 16:44 - 00338016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 16:28 - 2014-05-06 19:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-04 16:28 - 2014-05-06 19:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-04-04 16:27 - 2014-05-06 20:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-04-04 16:26 - 2014-12-06 09:53 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\hpqlog
2015-04-04 16:23 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-04 16:19 - 2014-09-10 02:35 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-04-04 16:18 - 2014-12-04 20:41 - 00001461 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 16:02 - 2014-09-10 02:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-04-04 16:01 - 2014-09-10 02:50 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-04 16:00 - 2014-05-06 19:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-04-04 15:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\Lena\Documents\Youcam
2015-03-20 18:16 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-13 19:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-13 18:45 - 2014-12-27 17:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 18:43 - 2014-12-27 17:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-26 21:14 - 2015-04-04 19:43 - 0000385 _____ () C:\Users\Lena\AppData\Roaming\XQZHZAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 16:50

==================== End Of Log ============================
         


Additional
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lena at 2015-04-06 10:14:23
Running from C:\Users\Lena\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-03-2015 18:33:15 Windows Update
04-04-2015 15:50:25 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08E6DAD9-A9E4-4038-B4FC-BD53D8CB5719} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0E72D7A4-B9F8-45FD-98E0-A1F36A1A7A08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {0FDAE9A2-92E2-4570-A1BB-18EFDFAD84EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {54C95428-DC2A-4849-BFD0-8207330992A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {6A02997A-7A0E-4CFF-9441-30302A1BD392} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {90F7F862-9086-4FB5-BB72-257F3FC33904} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3C0A0C6-790F-467A-8620-52CCA4E6867F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AF19EF05-DFB3-4015-ABD2-CAEA45303F4F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B276B54C-0FB2-4CA6-87ED-15A9D725FDE2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D22A7EBF-F927-4984-AACD-2421AC4AB263} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {D81196DE-41D0-4C4D-889B-5510AA787960} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLena.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-17 15:38 - 2014-04-17 15:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 15:37 - 2014-04-17 15:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-04-05 09:58 - 2015-03-30 22:38 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-05 09:58 - 2015-03-30 22:38 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-05 09:58 - 2015-03-30 22:39 - 11266376 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-05 20:10 - 2015-04-05 20:10 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040501\algo.dll
2015-04-04 17:52 - 2015-04-04 17:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lena\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lena\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Fotogalerie-Hintergrundbild.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-3163897636-2943637359-1939516349-500 - Administrator - Disabled)
Gast (S-1-5-21-3163897636-2943637359-1939516349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3163897636-2943637359-1939516349-1004 - Limited - Enabled)
Lena (S-1-5-21-3163897636-2943637359-1939516349-1002 - Administrator - Enabled) => C:\Users\Lena

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 09:47:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47173359

Error: (04/06/2015 09:47:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47173359

Error: (04/06/2015 09:47:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/06/2015 09:58:38 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HPWMISVC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Andrea RT Filters Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AdaptiveSleepService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/06/2015 09:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "tbaseprovisioning" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/06/2015 09:47:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47173359

Error: (04/06/2015 09:47:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47173359

Error: (04/06/2015 09:47:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 38%
Total physical RAM: 3528.98 MB
Available physical RAM: 2166.25 MB
Total Pagefile: 4168.98 MB
Available Pagefile: 2512.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.81 GB) (Free:879.06 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.68 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EAD2A2F5)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

06.04.2015, 12:04   #8
M-K-D-B
/// TB Trainer

Hi,

thank you for the upload.

Your computer is infected with a whole lot of malware (rogue, various adware and unwanted software).
Crossbrowse is not known for creating any further entries, which is why I did not include it in SystemLook... theoretically one could still do that, sure.

We will remove the last remnants and check everything once more. ESET can take a while (> 2 h).
Afterwards we will remove all the tools used and I will give you a few tips to take with you.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
CloseProcesses:
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = 
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE
C:\Users\Lena\AppData\Roaming\XQZHZAT
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

With your next reply, please post
  • the log file of the FRST fix,
  • the log file from HitmanPro,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Regards
M-K-D-B




06.04.2015, 15:10   #9
Phiyahless

All good, everything worked.

I would like to know what you think of CCleaner. I have never used any "boost up" utilities or the like, no MacKeeper or other stuff. The only thing I do use (carefully!), both formerly on Windows and even today sometimes on my Mac, is CCleaner.

I have read plenty of discussions about it, but would you say that if you do not touch the registry and really set it up so that, for example, only the Recycle Bin and temporary internet files are removed... it is a useful tool?

And what would be much more interesting.. in the settings you can choose, among other things, how many times you want to overwrite, i.e. secure, complex, slow (x35) overwriting or simple overwriting. That means my deleted data ends up even more scrambled, or harder to piece back together, on my hard drive, right?

What should one make of all this?

Here are the logs

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Lena at 2015-04-06 13:20:33 Run:2
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena (Available profiles: Lena)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3163897636-2943637359-1939516349-1002 -> {EE60B551-6ECC-4D1A-900A-974375B39DDC} URL = 
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE
C:\Users\Lena\AppData\Roaming\XQZHZAT
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. 
"HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found. 
"HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE60B551-6ECC-4D1A-900A-974375B39DDC}" => Key deleted successfully.
HKCR\CLSID\{EE60B551-6ECC-4D1A-900A-974375B39DDC} => Key not found. 
HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE => Key Deleted Successfully.
C:\Users\Lena\AppData\Roaming\XQZHZAT => Moved successfully.
EmptyTemp: => Removed 14.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 13:20:37 ====
         
HitmanPro
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : LENA
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : LENA\Lena
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-06 13:27:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 49s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 1.191.270
   Files scanned . . . . : 16.527
   Remnants scanned  . . : 221.436 files / 953.307 keys

Suspicious files ____________________________________________________________

   C:\Users\Lena\Desktop\FRST64.exe
      Size . . . . . . . : 2.095.616 bytes
      Age  . . . . . . . : 0.1 days (2015-04-06 09:50:25)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\SpeedBit\ (SpeedBit) -> Deleted
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> PendingDelete
   HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\AppDataLow\Software\SpeedChecker\ (SpeedChecker) -> Deleted
   HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Classes\PepperZip\ (PepperZip) -> Deleted
   HKU\S-1-5-21-3163897636-2943637359-1939516349-1002\Software\Linkey\ (Linkey) -> Deleted
   HKU\S-1-5-21-3163897636-2943637359-1939516349-1002_Classes\PepperZip\ (PepperZip) -> PendingDelete
         
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2735268bb4cbb940a539da219d9573a8
# engine=23250
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-06 12:40:06
# local_time=2015-04-06 02:40:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 161263 161358 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 168170 5406398 0 0
# scanned=138628
# found=0
# cleaned=0
# scan_time=3248
         

Securitycheck
Code:
 Results of screen317's Security Check version 0.99.99  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
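
Added example (not part of the original post, and not FRST's own code): a small Python check that reads a Fixlog like the one posted above and reports, per target, whether the final outcome was success, "not found" or failure, so a retried deletion is not mistaken for a failed one. The result wordings it matches are taken from the lines visible in this log; the last sample line and the names `classify`, `parse_fixlog` and `summarize` are constructed for illustration.

```python
import re

# Lines copied from the Fixlog in the post above, plus one constructed
# failure line (the last one; its wording is an assumption) to show what
# an unresolved entry looks like.
SAMPLE_FIXLOG = r'''
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Classes\Unico_Browser.7S7FI5NLN6OET5MTOBIHY2MEBE => Key Deleted Successfully.
C:\Users\Lena\AppData\Roaming\XQZHZAT => Moved successfully.
EmptyTemp: => Removed 14.1 MB temporary data.
C:\Example\constructed.dll => Could not move.

The system needed a reboot.
'''

# Result wordings seen in the log above; anything else counts as a failure.
_OK = re.compile(r'\b(?:deleted|moved)\s+successfully\b|^removed\b', re.I)
_ABSENT = re.compile(r'\bnot found\b', re.I)


def classify(result):
    """Map the text after ' => ' to 'ok', 'absent' or 'failed'."""
    result = result.strip()
    if _OK.search(result):
        return 'ok'
    if _ABSENT.search(result):
        return 'absent'
    return 'failed'


def parse_fixlog(text):
    """Return ({target: [state, ...]}, reboot_needed) in log order."""
    results, reboot = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith('the system needed a reboot'):
            reboot = True
            continue
        if ' => ' not in line:
            continue  # headers, fixlist echo, blank lines
        target, result = line.split(' => ', 1)
        target = target.strip().strip('"').rstrip(':')
        results.setdefault(target, []).append(classify(result))
    return results, reboot


def summarize(text):
    """Judge each target by its last recorded state."""
    results, reboot = parse_fixlog(text)
    return {
        'unresolved': [t for t, s in results.items() if s[-1] == 'failed'],
        'retried': [t for t, s in results.items()
                    if 'failed' in s[:-1] and s[-1] == 'ok'],
        'absent': [t for t, s in results.items() if s[-1] == 'absent'],
        'reboot_needed': reboot,
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(key, value)
```

Only the entries under `unresolved` need a second look; the `Unico_Browser` key appears under `retried` because its first attempt failed and the next line reports success.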
         

07.04.2015, 17:24   #10
M-K-D-B
/// TB Trainer



Quote:
I would like to know what you think of CCleaner. I have never used any "boost up" utilities or the like, no MacKeeper or other stuff. The only thing I do use (carefully!), both formerly on Windows and even today sometimes on my Mac, is CCleaner.

I have read quite a few discussions about it, but would you say that if you don't touch the registry and really configure it so that, for example, only the Recycle Bin and temporary Internet files are removed... it is a useful tool?
Using CCleaner to delete temporary files is fine. I would keep my hands off the registry.



Quote:
And much more interesting would be... in the settings you can choose, among other things, how often you want to overwrite, i.e. secure, complex, slow (x35) overwriting or simple. That means my deleted data ends up even more scrambled, or harder to piece back together, on my hard disk, right?
Correct, the more often the data is overwritten, the harder it is to recover it.
Personally I would not have the data overwritten 35 times, maybe 7 times at most... otherwise it takes forever.






If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Press Windows + R and type Combofix /Uninstall in the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Afterwards, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Securing your system:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at its latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use just one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
 
 


In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on a whitelist basis, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner .


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this topic from my subscriptions.
__________________
Regards
M-K-D-B




10.04.2015, 21:01   #11
M-K-D-B
/// TB Trainer



I am glad that we could help

In this forum you can give brief feedback on the cleanup, if you wish:
Praise, criticism and wishes
To do so, click the "NEW TOPIC" button and post a little feedback. Thank you very much!

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Regards
M-K-D-B


