Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google hängt ?trackid=sp-006 (https://www.trojaner-board.de/164531-google-haengt-trackid-sp-006-a.html)

EsleTra 27.02.2015 19:46
Google hängt ?trackid=sp-006
 
Hallo habe das Problem bei der Google suche das mit immer das ?tracking=sp-006 angehängt wir.
PC ist auch sehr langsam.
Habe Avasti ohne Erfolg duchsuchen lassen.
Und das AdwCleaner hat auch gescannt und 2 Programme gelöscht.

Vielen Dank im VorrausAdwCleaner Logfile:
Code:
# AdwCleaner v4.111 - Bericht erstellt 27/02/2015 um 19:22:04
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 Connected  (x86)
# Benutzername : Esther - ESTHERTABLET
# Gestarted von : C:\Users\Esther\Downloads\adwcleaner_4.111.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : VisualDiscovery
Dienst Gefunden : VDWFP

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\WINDOWS\system32\roboot.exe
Datei Gefunden : C:\WINDOWS\system32\VisualDiscovery.ini
Datei Gefunden : C:\WINDOWS\system32\VisualDiscoveryOff.ini
Ordner Gefunden : C:\Program Files\AskPartnerNetwork
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\AskPartnerNetwork
Ordner Gefunden : C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Ordner Gefunden : C:\Users\Esther\AppData\Local\Temp\apn
Ordner Gefunden : C:\Users\Esther\AppData\Roaming\Solvusoft

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Schlüssel Gefunden : HKCU\Software\Classes\pokki
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Pokki
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Superfish Inc. VisualDiscovery
Schlüssel Gefunden : HKLM\SOFTWARE\Superfish Inc. VisualDiscovery
Schlüssel Gefunden : HKLM\SOFTWARE\VisualDiscovery
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.115


-\\ Chromium v


-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [2981 Bytes] - [27/02/2015 19:22:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3040 Bytes] ##########
--- --- ---

schrauber 27.02.2015 19:53
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


EsleTra 27.02.2015 20:09
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Esther (administrator) on ESTHERTABLET on 27-02-2015 20:02:18
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmcore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dropbox, Inc.) C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
() C:\Program Files\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x86__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LU.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-11-30] (Intel Corporation)
HKLM\...\Run: [cmsc] => c:\program files\cmcm\Clean Master\cmtray.exe [468328 2015-01-24] (Kingsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-05] (AVAST Software)
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\Run: [GoogleChromeAutoLaunch_37877E3861D099977F5D28FC5702DC0B] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\RunOnce: [Application Restart #3] => C:\Users\Esther\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-02-05] (Pokki)
Startup: C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3110719337-2088587715-331825505-1001 -> {26E400EB-FF76-4A9F-88BD-9BD17C9EC864} URL =
SearchScopes: HKU\S-1-5-21-3110719337-2088587715-331825505-1001 -> {BCA6DD76-B67D-11E4-972D-40E2304BE8F2} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Winsock: Catalog5 09 C:\WINDOWS\system32\wlidnsp.dll [49664] (Microsoft Corporation)
Winsock: Catalog5 10 C:\WINDOWS\system32\wlidnsp.dll [49664] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\iq4j4a5p.default
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Extension: Amazon-Icon - C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\iq4j4a5p.default\Extensions\amazon-icon@giga.de [2015-02-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-05]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-01-24]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-01-24]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avast Online Security) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-01-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-05]
CHR HKU\S-1-5-21-3110719337-2088587715-331825505-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-05] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-02-05] (Avast Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-11-30] ()
R2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-11-30] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
R2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315240 2015-01-24] (Kingsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-11-30] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-11-30] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-11-30] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-11-30] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-11-30] (Lenovo) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-11-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2014-11-30] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2014-11-30] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-11-30] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-11-30] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-11-30] (Lenovo(beijing) Limited)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-11-30] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-02-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-02-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2015-02-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-02-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-02-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-02-05] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2015-02-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-02-05] ()
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 BthA2DP; C:\WINDOWS\system32\drivers\BthA2DP.sys [107648 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-11-30] (Intel Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-11-30] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-11-30] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-11-30] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-11-30] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-11-30] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-11-30] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-11-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-11-30] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-11-30] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-11-30] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-11-30] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-11-30] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-11-30] (Intel Corporation)
R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [81768 2015-01-24] (Kingsoft Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-11-30] (Intel Corporation)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-11-30] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-11-30] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-11-30] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-11-30] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-11-30] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-11-30] (Intel Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-02-05] (Avast Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:02 - 2015-02-27 20:02 - 00022477 ____C () C:\Users\Esther\Downloads\FRST.txt
2015-02-27 20:02 - 2015-02-27 20:02 - 00000000 ___DC () C:\FRST
2015-02-27 20:01 - 2015-02-27 20:01 - 01127424 ____C (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-02-27 19:29 - 2015-02-27 19:29 - 00476936 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-27 19:29 - 2015-02-27 19:29 - 00000714 ____C () C:\WINDOWS\PFRO.log
2015-02-27 19:22 - 2015-02-27 19:28 - 00000000 ___DC () C:\AdwCleaner
2015-02-27 19:20 - 2015-02-27 19:21 - 02126848 ____C () C:\Users\Esther\Downloads\adwcleaner_4.111.exe
2015-02-27 17:25 - 2015-02-27 19:29 - 00000348 ____C () C:\WINDOWS\setupact.log
2015-02-27 17:25 - 2015-02-27 17:25 - 00000000 ____C () C:\WINDOWS\setuperr.log
2015-02-27 16:16 - 2015-02-27 17:28 - 00034816 ____C () C:\Users\Esther\Documents\Essensplan.xlt
2015-02-23 17:50 - 2012-06-20 11:13 - 30547340 ____C () C:\Users\Esther\Downloads\SVoice.apk
2015-02-23 17:48 - 2015-02-23 17:49 - 29634456 ____C () C:\Users\Esther\Downloads\SVoice.zip
2015-02-23 17:44 - 2015-02-23 17:44 - 01203488 ____C () C:\Users\Esther\Downloads\Samsung Galaxy S4 S Voice Android App - CHIP-Installer.exe
2015-02-23 17:41 - 2012-06-20 11:13 - 30547340 ____C () C:\Users\Esther\Documents\SVoice.apk
2015-02-23 17:37 - 2015-02-23 17:32 - 29634456 ____C () C:\Users\Esther\Documents\SVoice.zip
2015-02-23 17:37 - 2013-08-15 23:46 - 00608494 ____C () C:\Users\Esther\Documents\[Ebook][erotik] James, E. L. - Shades of Grey 01 - Geheimes Verlangen.epub
2015-02-23 17:36 - 2015-02-23 17:36 - 00000000 ___HC () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-02-23 13:40 - 2015-02-23 13:40 - 00000000 ___DC () C:\Users\Esther\Documents\EBook
2015-02-23 13:26 - 2015-02-23 17:51 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\MediaMonkey
2015-02-23 13:26 - 2015-02-23 13:26 - 00000602 ____C () C:\Users\Public\Desktop\MediaMonkey.lnk
2015-02-23 13:26 - 2015-02-23 13:26 - 00000000 ___DC () C:\Users\Esther\AppData\Local\MediaMonkey
2015-02-23 13:26 - 2015-02-23 13:26 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-02-23 13:25 - 2015-02-23 13:25 - 00000000 ___DC () C:\ProgramData\MediaMonkey
2015-02-23 13:22 - 2015-02-23 13:22 - 15204184 ____C (Ventis Media Inc. ) C:\Users\Esther\Downloads\MediaMonkey_4.1.5.1719.exe
2015-02-22 13:08 - 2015-02-22 13:08 - 00000748 ____C () C:\Users\Esther\Desktop\Waow - Verknüpfung.lnk
2015-02-22 13:07 - 2015-02-22 13:07 - 00000928 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waow (2).lnk
2015-02-22 13:07 - 2015-02-12 18:21 - 28619213 ____C () C:\Users\Esther\Downloads\Waow.exe
2015-02-21 14:40 - 2015-02-27 19:44 - 01719696 ____C () C:\WINDOWS\WindowsUpdate.log
2015-02-19 10:57 - 2015-02-21 11:02 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\vlc
2015-02-19 10:57 - 2015-02-19 10:57 - 00000526 ____C () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-19 10:57 - 2015-02-19 10:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-19 10:53 - 2015-02-19 10:54 - 24743106 ____C () C:\Users\Esther\Downloads\vlc-2.1.5-win32.exe
2015-02-19 10:36 - 2015-02-19 10:36 - 28170335 ____C () C:\Users\Esther\Downloads\Waow_x86.zip
2015-02-17 20:04 - 2015-02-17 20:04 - 00000146 ____C () C:\Users\Esther\Downloads\stream (1).m3u
2015-02-17 20:03 - 2015-02-17 20:03 - 00000146 ____C () C:\Users\Esther\Downloads\stream.m3u
2015-02-17 20:01 - 2015-02-17 20:01 - 00002417 ____C () C:\Users\Esther\Desktop\Open Webif.lnk
2015-02-17 14:18 - 2015-01-23 04:17 - 04300800 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-17 13:11 - 2015-02-04 00:43 - 00202752 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-17 13:11 - 2015-02-04 00:08 - 00620544 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-17 13:11 - 2015-02-04 00:08 - 00325120 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-17 13:11 - 2015-02-03 00:11 - 00886784 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-17 13:11 - 2015-02-03 00:11 - 00766976 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-17 13:11 - 2015-02-03 00:11 - 00482304 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-17 10:56 - 2015-02-17 10:56 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\WinRAR
2015-02-17 10:56 - 2015-02-17 10:56 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-17 10:56 - 2015-02-17 10:56 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-17 10:55 - 2015-02-17 10:55 - 01869952 ____C () C:\Users\Esther\Downloads\wrar521d.exe
2015-02-17 10:50 - 2015-02-21 12:45 - 00000000 ___DC () C:\Users\Esther\AppData\Local\QuickPar
2015-02-17 10:48 - 2015-02-17 10:48 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-02-17 10:48 - 2015-02-17 10:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-02-17 10:47 - 2015-02-17 10:47 - 00503439 ____C (Peter B Clements) C:\Users\Esther\Downloads\QuickPar-0.9.1.0-DEU.exe
2015-02-17 10:28 - 2015-02-27 18:35 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\UseNeXT
2015-02-17 10:28 - 2015-02-27 18:31 - 00000000 ___DC () C:\Users\Esther\Documents\UseNeXT
2015-02-17 10:27 - 2015-02-17 10:27 - 00000482 ____C () C:\Users\Esther\Desktop\UseNeXT by Tangysoft.lnk
2015-02-17 10:27 - 2015-02-17 10:27 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-17 10:25 - 2015-02-17 10:25 - 05270008 ____C (Tangysoft Ltd. ) C:\Users\Esther\Downloads\UseNeXTSetup_5.64.exe
2015-02-15 13:16 - 2015-02-15 13:17 - 05262374 ____C () C:\Users\Esther\Downloads\dreamboxEDIT_without_setup_6.0.1.1.zip
2015-02-15 12:15 - 2015-02-17 09:45 - 00000000 ___DC () C:\Users\Esther\Desktop\VuPlus EMM
2015-02-15 11:53 - 2015-02-15 11:53 - 00035328 __SHC () C:\Users\Esther\Desktop\Thumbs.db
2015-02-15 02:21 - 2015-02-19 10:32 - 00000000 ___DC () C:\Program Files\Notepad++
2015-02-15 02:21 - 2015-02-15 14:27 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\FileZilla
2015-02-15 02:21 - 2015-02-15 02:22 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Notepad++
2015-02-15 02:21 - 2015-02-15 02:21 - 07965917 ____C () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\Program Files\FileZilla FTP Client
2015-02-15 02:20 - 2015-02-15 02:20 - 06372800 ____C (Tim Kosse) C:\Users\Esther\Downloads\FileZilla_3.10.1.1_win32-setup__1_.exe
2015-02-15 02:20 - 2015-02-15 02:20 - 06372800 ____C (Tim Kosse) C:\Users\Esther\Downloads\FileZilla_3.10.1.1_win32-setup__1_ (1).exe
2015-02-14 22:08 - 2015-02-14 22:10 - 05627963 ____C () C:\Users\Esther\Downloads\dcce2_150.zip
2015-02-14 21:21 - 2015-02-14 21:21 - 00000000 ___DC () C:\Users\Esther\Downloads\dcce2_120
2015-02-14 15:41 - 2015-02-14 15:41 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\WDC
2015-02-14 14:17 - 2015-02-14 14:17 - 00001138 ____C () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-02-14 14:17 - 2015-02-14 14:17 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-02-14 14:17 - 2015-02-14 14:17 - 00000000 ___DC () C:\Program Files\Western Digital
2015-02-14 14:15 - 2015-02-14 14:16 - 00000000 ___DC () C:\Users\Esther\My Cloud
2015-02-14 14:13 - 2015-02-14 14:14 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\com.wd.WDMyCloud
2015-02-14 14:13 - 2015-02-14 14:13 - 00000204 ____C () C:\Users\Esther\Desktop\Lerncenter WD My Cloud.url
2015-02-14 14:13 - 2015-02-14 14:13 - 00000158 ____C () C:\Users\Esther\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-02-14 14:13 - 2015-02-14 14:13 - 00000154 ____C () C:\Users\Esther\Desktop\WD My Cloud-Dashboard.url
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\ProgramData\Western Digital
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\ProgramData\Apple
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\Program Files\Bonjour Print Services
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\Program Files\Bonjour
2015-02-14 14:11 - 2015-02-14 14:13 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Western Digital
2015-02-14 14:10 - 2015-02-14 14:11 - 71601392 ____C () C:\Users\Esther\Downloads\mc_windows_setup.exe
2015-02-11 01:59 - 2015-01-13 23:04 - 01489072 ____C (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 01:59 - 2015-01-12 03:25 - 19740160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 01:59 - 2015-01-12 03:08 - 00503296 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 01:59 - 2015-01-12 03:05 - 00064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 01:59 - 2015-01-12 03:02 - 02277888 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 01:59 - 2015-01-12 02:55 - 00664064 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 01:59 - 2015-01-12 02:45 - 00418304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 01:59 - 2015-01-12 02:34 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-11 01:59 - 2015-01-12 02:30 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 01:59 - 2015-01-12 02:25 - 00230400 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 02052608 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 01:59 - 2015-01-12 02:23 - 00688640 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 00684544 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 01:59 - 2015-01-12 02:23 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 01:59 - 2015-01-12 02:14 - 12829184 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 01:59 - 2015-01-12 02:00 - 01888256 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 01:59 - 2015-01-12 01:56 - 01307136 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 01:59 - 2015-01-12 01:55 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 01:59 - 2015-01-10 07:38 - 00359424 ____C (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 01:58 - 2015-01-15 23:37 - 00478776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 01:58 - 2015-01-15 23:37 - 00148288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 01:58 - 2015-01-10 09:28 - 05769024 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 01:58 - 2015-01-10 09:28 - 01468408 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 01:58 - 2015-01-10 08:38 - 03550720 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 01:58 - 2014-12-09 04:45 - 00393728 ____C (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 01:58 - 2014-10-29 03:06 - 00736768 ____C (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 01:58 - 2014-10-29 03:06 - 00154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 01:58 - 2014-10-29 02:03 - 01117696 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 21:13 - 2015-02-10 21:13 - 00000218 ____C () C:\Users\Esther\.recently-used.xbel
2015-02-10 12:58 - 2015-02-10 12:58 - 00001063 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waow.lnk
2015-02-06 20:50 - 2015-02-06 20:50 - 53948416 _____ () C:\WINDOWS\system32\config\SOFTWARE.sav.LOG
2015-02-06 20:50 - 2015-02-06 20:50 - 11268096 _____ () C:\WINDOWS\system32\config\SYSTEM.sav.LOG
2015-02-06 20:50 - 2015-02-06 20:50 - 00061440 _____ () C:\WINDOWS\system32\config\SAM.sav.LOG
2015-02-06 20:50 - 2015-02-06 20:50 - 00020480 _____ () C:\WINDOWS\system32\config\SECURITY.sav.LOG
2015-02-06 20:48 - 2015-02-06 20:50 - 00001660 ____C () C:\WINDOWS\system32\ASOROSet.bin
2015-02-06 20:48 - 2015-02-06 20:48 - 00000000 ____D () C:\WINDOWS\system32\config\RCCBakup
2015-02-06 19:21 - 2015-02-06 19:21 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Temp826e779988384ef889c203d71b003d8e
2015-02-05 14:15 - 2015-02-20 19:58 - 00002152 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 14:15 - 2015-02-05 14:15 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-05 14:14 - 2015-02-05 14:14 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Deployment
2015-02-05 14:14 - 2015-02-05 14:14 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Apps\2.0
2015-02-05 13:08 - 2015-02-05 13:09 - 00000197 ____C () C:\WINDOWS\system32\2015-02-05-12-08-58.049-AvastVBoxSVC.exe-3996.log
2015-02-05 13:07 - 2015-02-27 19:30 - 00000000 __RDC () C:\Users\Esther\Dropbox
2015-02-05 13:07 - 2015-02-17 09:21 - 00001086 ____C () C:\Users\Esther\Desktop\Dropbox.lnk
2015-02-05 13:05 - 2015-02-17 09:21 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-05 13:04 - 2015-02-27 19:30 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Dropbox
2015-02-05 12:54 - 2015-02-05 12:54 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\AVAST Software
2015-02-05 12:53 - 2015-02-05 12:54 - 00000000 ___DC () C:\WINDOWS\system32\vbox
2015-02-05 12:53 - 2015-02-05 12:53 - 00002144 ____C () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-05 12:53 - 2015-02-05 12:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-05 12:52 - 2015-02-05 12:53 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-05 12:52 - 2015-02-05 12:53 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-02-05 12:52 - 2015-02-05 12:53 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-05 12:52 - 2015-02-05 12:52 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00091496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00081768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-05 12:52 - 2015-02-05 12:52 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-05 12:46 - 2015-02-05 12:46 - 00000000 ___DC () C:\Program Files\AVAST Software
2015-02-05 12:45 - 2015-02-05 12:46 - 00000000 ___DC () C:\ProgramData\AVAST Software
2015-02-05 12:23 - 2014-12-31 12:13 - 00249488 ____C (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-04 09:59 - 2015-02-10 21:12 - 00000000 ___DC () C:\Program Files\Common Files\Skype
2015-02-04 09:59 - 2015-02-05 12:15 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Skype
2015-02-04 09:59 - 2015-02-04 09:59 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Skype
2015-02-04 09:58 - 2015-02-10 21:14 - 00000000 __RDC () C:\Program Files\Skype
2015-02-04 09:58 - 2015-02-10 21:12 - 00000000 ___DC () C:\ProgramData\Skype
2015-02-04 09:02 - 2015-02-27 15:09 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Waow
2015-01-31 12:30 - 2015-01-31 12:48 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\griffith
2015-01-31 12:21 - 2015-01-31 12:21 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Obsidium
2015-01-31 12:17 - 2015-01-31 12:23 - 00000000 ___DC () C:\ProgramData\AllMyMovies
2015-01-29 13:50 - 2015-01-29 13:50 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-29 13:50 - 2015-01-29 13:50 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight
2015-01-28 14:05 - 2015-01-28 14:15 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Facebook
2015-01-28 11:18 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-01-28 11:18 - 2014-07-24 14:48 - 00362304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-01-28 11:18 - 2014-07-24 14:48 - 00111424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-01-28 11:18 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-01-28 11:18 - 2014-07-24 14:40 - 01678656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-01-28 11:18 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-01-28 11:18 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-28 11:18 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2015-01-28 11:18 - 2014-07-24 11:44 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-01-28 11:18 - 2014-07-24 11:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2015-01-28 11:18 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-01-28 11:18 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-28 11:18 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-01-28 11:18 - 2014-07-24 10:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2015-01-28 11:18 - 2014-07-24 09:39 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2015-01-28 11:18 - 2014-07-24 09:29 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2015-01-28 11:18 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-01-28 11:18 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2015-01-28 11:18 - 2014-07-24 09:16 - 01313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-01-28 11:18 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-01-28 11:18 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-01-28 11:18 - 2014-07-24 09:05 - 00535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-28 11:18 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2015-01-28 11:18 - 2014-07-24 08:23 - 01222144 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-01-28 11:18 - 2014-07-24 05:13 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2015-01-28 11:18 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2015-01-28 11:18 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2015-01-28 11:18 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-01-28 11:17 - 2014-07-24 14:50 - 01371176 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-01-28 11:17 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-01-28 11:17 - 2014-07-24 14:48 - 00338240 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-01-28 11:17 - 2014-07-24 14:48 - 00211776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-01-28 11:17 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2015-01-28 11:17 - 2014-07-24 14:39 - 01390448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-01-28 11:17 - 2014-07-24 14:39 - 01281440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-01-28 11:17 - 2014-07-24 14:39 - 01271096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-01-28 11:17 - 2014-07-24 14:39 - 01168344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-01-28 11:17 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-01-28 11:17 - 2014-07-24 11:46 - 00068608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2015-01-28 11:17 - 2014-07-24 11:45 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-01-28 11:17 - 2014-07-24 11:43 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2015-01-28 11:17 - 2014-07-24 11:43 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2015-01-28 11:17 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-01-28 11:17 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2015-01-28 11:17 - 2014-07-24 11:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2015-01-28 11:17 - 2014-07-24 10:55 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2015-01-28 11:17 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2015-01-28 11:17 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-01-28 11:17 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2015-01-28 11:17 - 2014-07-24 10:23 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2015-01-28 11:17 - 2014-07-24 09:44 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-01-28 11:17 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2015-01-28 11:17 - 2014-07-24 09:40 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2015-01-28 11:17 - 2014-07-24 09:32 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-01-28 11:17 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2015-01-28 11:17 - 2014-07-24 09:29 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2015-01-28 11:17 - 2014-07-24 09:27 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-01-28 11:17 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2015-01-28 11:17 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2015-01-28 11:17 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2015-01-28 11:17 - 2014-07-24 09:04 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2015-01-28 11:17 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2015-01-28 11:17 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-01-28 11:17 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2015-01-28 11:17 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2015-01-28 11:17 - 2014-06-27 06:31 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-01-28 11:17 - 2014-06-26 01:32 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2015-01-28 11:17 - 2014-06-20 00:41 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-01-28 11:17 - 2014-06-19 01:56 - 00264512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2015-01-28 11:17 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-01-28 11:17 - 2014-06-05 13:59 - 00869720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-01-28 11:17 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2015-01-28 11:17 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2015-01-28 11:17 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2015-01-28 11:17 - 2014-05-26 08:16 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-01-28 11:17 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-01-28 11:17 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2015-01-28 11:17 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2015-01-28 11:16 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2015-01-28 11:16 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2015-01-28 11:16 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2015-01-28 11:16 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2015-01-28 11:16 - 2014-07-24 11:51 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2015-01-28 11:16 - 2014-07-24 11:51 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2015-01-28 11:16 - 2014-07-24 11:51 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2015-01-28 11:16 - 2014-07-24 11:42 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-01-28 11:16 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2015-01-28 11:16 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-01-28 11:16 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2015-01-28 11:16 - 2014-07-24 09:51 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2015-01-28 11:16 - 2014-07-24 09:49 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2015-01-28 11:16 - 2014-07-24 09:39 - 00178176 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2015-01-28 11:16 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2015-01-28 11:16 - 2014-07-24 09:06 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-01-28 11:16 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-01-28 11:16 - 2014-07-04 13:05 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2015-01-28 11:16 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-01-28 10:56 - 2015-01-28 10:56 - 00000000 _SHDC () C:\Users\Esther\AppData\Local\EmieBrowserModeList
2015-01-28 10:47 - 2015-01-28 10:47 - 00002174 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-01-28 10:46 - 2015-02-19 09:51 - 00000000 __SDC () C:\WINDOWS\system32\CompatTel
2015-01-28 10:46 - 2015-02-19 09:51 - 00000000 ___DC () C:\WINDOWS\system32\appraiser
2015-01-28 10:17 - 2015-01-28 10:17 - 00483321 ____C () C:\Users\Esther\Documents\Unterrichts-St (1).oxps
2015-01-28 10:14 - 2015-01-28 10:14 - 00483314 ____C () C:\Users\Esther\Documents\Unterrichts-St.oxps
2015-01-28 08:47 - 2015-01-28 08:47 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Chromium
2015-01-28 08:47 - 2015-01-28 08:47 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2015-01-28 08:47 - 2015-01-28 08:47 - 00000000 ___DC () C:\Program Files\SRWare Iron
2015-01-28 08:18 - 2015-01-28 08:18 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Nitro PDF

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:00 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\system32\sru
2015-02-27 19:59 - 2015-01-25 16:49 - 00001132 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d038b68e08b2a9.job
2015-02-27 19:54 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\Microsoft.NET
2015-02-27 19:34 - 2014-03-18 08:50 - 01776918 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-27 19:30 - 2015-01-24 15:03 - 00000000 __DOC () C:\Users\Esther\OneDrive
2015-02-27 19:29 - 2015-01-25 16:44 - 00001128 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 19:29 - 2013-08-22 08:23 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-02-27 19:28 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-27 19:28 - 2013-08-22 07:13 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-27 19:12 - 2015-01-24 14:56 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Pokki
2015-02-27 16:11 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\AppReadiness
2015-02-24 07:56 - 2015-01-24 16:12 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2015-02-18 04:23 - 2013-08-22 09:05 - 00000000 ___DC () C:\WINDOWS\CbsTemp
2015-02-17 16:40 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-17 09:17 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\system32\de-DE
2015-02-14 14:15 - 2015-01-24 14:56 - 00000000 ___DC () C:\Users\Esther
2015-02-10 21:19 - 2015-01-24 15:28 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Google
2015-02-10 21:16 - 2015-01-25 11:10 - 00000000 ___DC () C:\Program Files\OpenOffice 4
2015-02-06 21:08 - 2015-01-25 14:46 - 00000017 ____C () C:\Users\Esther\AppData\Roaming\AquaCalculatorBL.AUsr
2015-02-06 20:46 - 2015-01-26 14:39 - 00000000 ___DC () C:\Program Files\TeamViewer
2015-02-06 20:41 - 2015-01-25 17:09 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Lenovo
2015-02-06 20:41 - 2014-11-30 13:32 - 00000000 ___DC () C:\ProgramData\Lenovo
2015-02-06 20:40 - 2014-11-30 13:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-06 20:40 - 2014-11-30 13:12 - 00000000 ___DC () C:\Program Files\Lenovo
2015-02-05 14:14 - 2015-01-25 11:49 - 00002345 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-05 12:47 - 2014-11-30 13:33 - 00000000 ___DC () C:\ProgramData\McAfee
2015-02-05 12:20 - 2013-08-22 09:17 - 00000000 __HDC () C:\WINDOWS\ELAMBKUP
2015-02-05 12:19 - 2013-08-22 07:21 - 00000000 __RDC () C:\Users\Public
2015-02-05 12:15 - 2015-01-26 11:10 - 00000000 __RDC () C:\Users\Esther\Google Drive
2015-02-05 11:07 - 2015-01-25 11:10 - 00000000 ___DC () C:\Program Files\Opera
2015-02-03 20:31 - 2013-08-22 09:18 - 00714720 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 09:18 - 00106976 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-02 07:40 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\system32\NDF
2015-02-01 05:46 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 12:21 - 2015-01-26 14:39 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\TeamViewer
2015-01-28 14:07 - 2014-11-30 21:17 - 00000000 ___DC () C:\WINDOWS\system32\Drivers\de-DE
2015-01-28 14:07 - 2014-03-18 08:36 - 00000000 ___DC () C:\Program Files\Windows Journal
2015-01-28 14:07 - 2013-08-22 09:17 - 00000000 __RDC () C:\WINDOWS\ImmersiveControlPanel
2015-01-28 14:07 - 2013-08-22 09:17 - 00000000 __RDC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-28 14:07 - 2013-08-22 09:17 - 00000000 __RDC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-28 14:07 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-28 13:34 - 2014-11-30 14:13 - 00000000 ___DC () C:\WINDOWS\Minidump
2015-01-28 11:16 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\system32\Recovery
2015-01-28 04:18 - 2013-08-22 09:17 - 00000000 ___DC () C:\Program Files\Common Files\microsoft shared

==================== Files in the root of some directories =======

2015-01-25 14:46 - 2015-02-06 21:08 - 0000017 ____C () C:\Users\Esther\AppData\Roaming\AquaCalculatorBL.AUsr
2015-01-27 12:20 - 2015-01-27 12:20 - 0007602 ____C () C:\Users\Esther\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_tdzy.dll
C:\Users\Esther\AppData\Local\Temp\Quarantine.exe
C:\Users\Esther\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-27 19:54

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by Esther at 2015-02-27 20:03:44
Running from C:\Users\Esther\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Benutzerhandbücher (Version: 3.0.0.3 - Lenovo) Hidden
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CCSDK (HKLM\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dropbox (HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
FileZilla Client 3.10.1.1 (HKLM\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
FolioCase (HKLM\...\InstallShield_{1979BBD9-9327-44F8-B593-515B29BE9BAB}) (Version: 1.00.0002 - Lenovo)
FolioCase (Version: 1.00.0002 - Lenovo) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo SHAREit (HKLM\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Updates (HKLM\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.1.0.61 - Lenovo)
Lenovo Updates (Version: 1.1.0.61 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.11.14.7251 - Lenovo)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metric Collection SDK 35 (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\OneDriveSetup.exe) (Version: 17.3.4713.0209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{53D8DB49-A741-406E-B09C-8676FB05AE79}) (Version: 9.0.5.9 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.65.40919 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.65.40919 - Ihr Firmenname) Hidden
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.01.0243 - REALTEK Semiconductor Corp.)
SIL Editor 5.0.0.12 (HKLM\...\SIL Editor_is1) (Version: 5.0.0.12 - SiComponents)
SRWare Iron Version SRWare Iron 39.2100.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 39.2100.0 - SRWare)
Start Menu (HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\Pokki_Start_Menu) (Version: 0.269.5.465 - Pokki)
UESDK (HKLM\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD My Cloud (HKLM\...\{642CACF0-75DB-4C23-BD16-706723E5F71F}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Esther\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110719337-2088587715-331825505-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ___AC C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E15F839-1675-46C2-8056-7E8D361C9066} - System32\Tasks\GoogleUpdateTaskMachineCore1d037e213f8760c => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {19873B4A-ACF8-46BD-84B4-27A9BFB4C010} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe
Task: {2F6CCDCD-D96E-406D-A774-7D9250A197C4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for EstherTablet-Esther EstherTablet => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {507F0A23-93D4-4EDA-ABA6-F130A6E271BA} - System32\Tasks\GoogleUpdateTaskMachineUA1d038b68e08b2a9 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {51ACCA4A-7759-44D7-A3CE-8382DBB49E67} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {58EE8A82-4FF1-4123-8F4F-8997061492E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {7E2CA2FB-1D85-4592-924D-491D1493EED5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {80D0DD04-87FE-4E28-B475-A80DD7CA854F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {9CA580F7-43E8-44C8-BC9A-BB7866629E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-11-30] (Lenovo)
Task: {AAF8D526-74A8-4357-B08E-A0EA58F56547} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-14] (Microsoft Corporation)
Task: {ADE79466-E575-4543-8DB4-F03E2FA858F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {B9057B45-BBE6-41A2-95BC-55A64C5BA005} - System32\Tasks\{24CA4DDA-2AAE-4218-A70A-0951F3316692} => pcalua.exe -a "C:\Program Files\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {C5E1698B-71F4-465D-8961-6F6575C756C9} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-01-24] (Lenovo)
Task: {D1F99510-DBEC-4C88-97D0-0DF49ABAD2CC} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3110719337-2088587715-331825505-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {EB66F109-0F72-4FE1-B662-F928F63064EE} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
Task: {EDD56B1E-C963-48BF-8D30-FF79075DA63F} - System32\Tasks\avastBCLRestartS-1-5-21-3110719337-2088587715-331825505-1001 => Chrome.exe
Task: {FAD04FD0-47E2-4271-A521-417BBA907BF9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-11-21] (Lenovo)
Task: {FE2A2E72-66B0-48AA-ACFB-4C12AF122C8A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-05] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d038b68e08b2a9.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-27 15:07 - 2015-02-27 15:07 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022700\algo.dll
2015-02-05 12:51 - 2015-02-05 12:51 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-02-05 12:51 - 2015-02-05 12:51 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-02-05 12:51 - 2015-02-05 12:51 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-30 13:12 - 2014-11-30 23:05 - 00161496 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2015-01-24 16:12 - 2014-05-20 02:11 - 00080040 ____C () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-11-30 13:32 - 2014-11-30 23:05 - 00054544 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-11-30 13:32 - 2014-11-30 23:05 - 00510224 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2015-02-05 12:51 - 2015-02-05 12:51 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-25 10:07 - 2015-01-25 10:07 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-02-01 12:17 - 2015-02-01 12:17 - 00039200 ____C () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 ____C () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 ____C () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2015-02-05 12:51 - 2015-02-05 12:52 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-20 19:57 - 2015-02-17 23:44 - 01117512 ____C () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 19:57 - 2015-02-17 23:44 - 00211272 ____C () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 19:57 - 2015-02-17 23:44 - 09171272 ____C () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 ____C () C:\Users\Esther\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-27 19:30 - 2015-02-27 19:30 - 00043008 ____C () c:\users\esther\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_tdzy.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 ____C () C:\Users\Esther\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 ____C () C:\Users\Esther\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 ____C () C:\Users\Esther\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-30 13:32 - 2014-11-30 23:05 - 00592880 _____ () C:\Program Files\Lenovo\CCSDK\CCSDK.exe
2014-11-30 13:32 - 2014-11-30 23:05 - 00397296 _____ () C:\Program Files\Lenovo\CCSDK\WinGather.exe
2015-02-20 19:57 - 2015-02-17 23:44 - 14965064 ____C () C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Esther\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\StartupApproved\Run: => "Skype"

==================== Accounts: =============================

Administrator (S-1-5-21-3110719337-2088587715-331825505-500 - Administrator - Disabled)
Esther (S-1-5-21-3110719337-2088587715-331825505-1001 - Administrator - Enabled) => C:\Users\Esther
Gast (S-1-5-21-3110719337-2088587715-331825505-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3110719337-2088587715-331825505-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 03:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1938

Startzeit: 01d0529676efb23c

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 6a353f8c-be8a-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 09:00:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2d04

Startzeit: 01d0513558a6273e

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: cf43a8a8-bd28-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 08:54:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2538

Startzeit: 01d0513489a6f25d

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 0049e9b8-bd28-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 08:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2588

Startzeit: 01d0513343598d80

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: b9dc9f24-bd26-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 08:38:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2adc

Startzeit: 01d0513262c19b09

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: d9515e21-bd25-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 08:24:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1464

Startzeit: 01d0513055f8a981

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: cc96582f-bd23-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 08:17:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c38

Startzeit: 01d0512f5aa5ec07

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: d12adf4a-bd22-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 08:06:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23c

Startzeit: 01d0512de0ab4111

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 572f3c59-bd21-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 07:56:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7bc

Startzeit: 01d0512c6f4dbdca

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: e5e856a1-bd1f-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/25/2015 07:07:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2f44

Startzeit: 01d0512592a73ca2

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 09463a1e-bd19-11e4-972e-40e2304be8f2

Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nnt

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App


System errors:
=============
Error: (02/27/2015 07:29:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (02/27/2015 07:28:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (02/27/2015 03:08:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/27/2015 01:21:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (02/27/2015 01:14:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (02/26/2015 11:55:44 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/26/2015 11:55:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/26/2015 11:55:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (02/26/2015 07:01:16 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/26/2015 07:01:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (02/27/2015 03:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384193801d0529676efb23c4294967295C:\WINDOWS\system32\backgroundTaskHost.exe6a353f8c-be8a-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 09:00:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163842d0401d0513558a6273e4294967295C:\WINDOWS\system32\backgroundTaskHost.execf43a8a8-bd28-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 08:54:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384253801d0513489a6f25d4294967295C:\WINDOWS\system32\backgroundTaskHost.exe0049e9b8-bd28-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 08:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384258801d0513343598d804294967295C:\WINDOWS\system32\backgroundTaskHost.exeb9dc9f24-bd26-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 08:38:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163842adc01d0513262c19b094294967295C:\WINDOWS\system32\backgroundTaskHost.exed9515e21-bd25-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 08:24:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384146401d0513055f8a9814294967295C:\WINDOWS\system32\backgroundTaskHost.execc96582f-bd23-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 08:17:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841c3801d0512f5aa5ec074294967295C:\WINDOWS\system32\backgroundTaskHost.exed12adf4a-bd22-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 08:06:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638423c01d0512de0ab41114294967295C:\WINDOWS\system32\backgroundTaskHost.exe572f3c59-bd21-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 07:56:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163847bc01d0512c6f4dbdca4294967295C:\WINDOWS\system32\backgroundTaskHost.exee5e856a1-bd1f-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp

Error: (02/25/2015 07:07:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163842f4401d0512592a73ca24294967295C:\WINDOWS\system32\backgroundTaskHost.exe09463a1e-bd19-11e4-972e-40e2304be8f2Facebook.Facebook_1.4.0.9_x86__8xx8rvfyw5nntApp


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 68%
Total physical RAM: 1986.59 MB
Available physical RAM: 635.48 MB
Total Pagefile: 2498.59 MB
Available Pagefile: 532.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1857.05 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:22.6 GB) (Free:9.39 GB) NTFS
Drive d: () (Removable) (Total:29.71 GB) (Free:26.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 1A560338)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

schrauber 28.02.2015 10:51
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

EsleTra 28.02.2015 11:27
Liste der Anhänge anzeigen (Anzahl: 1)
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.02.2015
Suchlauf-Zeit: 11:03:26
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.02.28.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: Esther

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 312379
Verstrichene Zeit: 14 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 3
PUP.Optional.SuperFish, C:\Windows\System32\Drivers\VDWFP.sys, In Quarantäne, [f5ddbd66a6e40036110539d4d036ce32],
PUP.Optional.MindSpark.A, C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage, Löschen bei Neustart, [f0e276addab0a78f63e71cb8d92a1de3],
PUP.Optional.MindSpark.A, C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage-journal, Löschen bei Neustart, [7c561d067b0f2a0cfc4ed202679c7d83],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

EsleTra 28.02.2015 12:06
AdwCleaner Logfile:
Code:
# AdwCleaner v4.111 - Bericht erstellt 28/02/2015 um 11:35:03
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 Connected  (x86)
# Benutzername : Esther - ESTHERTABLET
# Gestarted von : C:\Users\Esther\Downloads\adwcleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Pokki

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.115


-\\ Chromium v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [3119 Bytes] - [27/02/2015 19:22:04]
AdwCleaner[R1].txt - [1010 Bytes] - [28/02/2015 11:29:11]
AdwCleaner[S0].txt - [3180 Bytes] - [27/02/2015 19:28:12]
AdwCleaner[S1].txt - [934 Bytes] - [28/02/2015 11:35:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [992  Bytes] ##########
--- --- ---



FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Esther (administrator) on ESTHERTABLET on 28-02-2015 11:44:14
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmcore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmtray.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
() C:\Program Files\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
() C:\Program Files\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x86__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Thisisu) C:\Users\Esther\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Pokki) C:\Users\Esther\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Esther\AppData\Local\Pokki\Engine\HostAppService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-11-30] (Intel Corporation)
HKLM\...\Run: [cmsc] => c:\program files\cmcm\Clean Master\cmtray.exe [468328 2015-01-24] (Kingsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-05] (AVAST Software)
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\Run: [GoogleChromeAutoLaunch_37877E3861D099977F5D28FC5702DC0B] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\...\RunOnce: [Application Restart #3] => C:\Users\Esther\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-02-05] (Pokki)
Startup: C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-3110719337-2088587715-331825505-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3110719337-2088587715-331825505-1001 -> {26E400EB-FF76-4A9F-88BD-9BD17C9EC864} URL =
SearchScopes: HKU\S-1-5-21-3110719337-2088587715-331825505-1001 -> {BCA6DD76-B67D-11E4-972D-40E2304BE8F2} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Winsock: Catalog5 09 C:\WINDOWS\system32\wlidnsp.dll [49664] (Microsoft Corporation)
Winsock: Catalog5 10 C:\WINDOWS\system32\wlidnsp.dll [49664] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\iq4j4a5p.default
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Extension: Amazon-Icon - C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\iq4j4a5p.default\Extensions\amazon-icon@giga.de [2015-02-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-05]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-01-24]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-01-24]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avast Online Security) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-01-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-05]
CHR HKU\S-1-5-21-3110719337-2088587715-331825505-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-05] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-02-05] (Avast Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-11-30] ()
R2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-11-30] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
R2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315240 2015-01-24] (Kingsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-11-30] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-11-30] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-11-30] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-11-30] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-11-30] (Lenovo) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-11-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2014-11-30] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2014-11-30] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-11-30] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-11-30] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-11-30] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-11-30] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-02-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-02-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2015-02-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-02-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-02-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-02-05] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2015-02-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-02-05] ()
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 BthA2DP; C:\WINDOWS\system32\drivers\BthA2DP.sys [107648 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-11-30] (Intel Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-11-30] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-11-30] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-11-30] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-11-30] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-11-30] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-11-30] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-11-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-11-30] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-11-30] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-11-30] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-11-30] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-11-30] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-11-30] (Intel Corporation)
R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [81768 2015-01-24] (Kingsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-11-30] (Intel Corporation)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-11-30] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-11-30] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-11-30] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-11-30] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-11-30] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-11-30] (Intel Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-02-05] (Avast Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-11-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 11:41 - 2015-02-28 11:41 - 01388274 ____C (Thisisu) C:\Users\Esther\Downloads\JRT.exe
2015-02-28 11:28 - 2015-02-28 11:43 - 00000273 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-02-28 11:27 - 2015-02-28 11:27 - 00001714 ____C () C:\Users\Esther\Downloads\mbam.txt
2015-02-28 11:24 - 2015-02-28 11:24 - 00002000 ____C () C:\Users\Esther\Desktop\mbam1.txt
2015-02-28 11:24 - 2015-02-28 11:24 - 00001714 ____C () C:\Users\Esther\Desktop\mbam.txt
2015-02-28 11:02 - 2015-02-28 11:36 - 00114904 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 11:02 - 2015-02-28 11:02 - 00001083 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 11:02 - 2015-02-28 11:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 11:02 - 2015-02-28 11:02 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-02-28 11:02 - 2015-02-28 11:02 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2015-02-28 11:02 - 2014-11-21 06:14 - 00075480 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-28 11:02 - 2014-11-21 06:14 - 00051928 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-28 11:02 - 2014-11-21 06:14 - 00023256 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-28 11:00 - 2015-02-28 11:00 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Esther\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-28 10:55 - 2015-02-28 10:55 - 00002573 ____C () C:\Users\Esther\Desktop\WhatsApp Web.lnk
2015-02-27 20:20 - 2015-02-27 20:20 - 00003007 ____C () C:\Users\Esther\Desktop\Google hängt _trackid=sp-006 - Trojaner-Board.lnk
2015-02-27 20:03 - 2015-02-27 20:04 - 00031730 ____C () C:\Users\Esther\Downloads\Addition.txt
2015-02-27 20:02 - 2015-02-28 11:44 - 00023079 ____C () C:\Users\Esther\Downloads\FRST.txt
2015-02-27 20:02 - 2015-02-28 11:44 - 00000000 ___DC () C:\FRST
2015-02-27 20:01 - 2015-02-27 20:01 - 01127424 ____C (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-02-27 19:29 - 2015-02-28 11:35 - 00002740 ____C () C:\WINDOWS\PFRO.log
2015-02-27 19:29 - 2015-02-27 19:29 - 00476936 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-27 19:22 - 2015-02-28 11:35 - 00000000 ___DC () C:\AdwCleaner
2015-02-27 19:20 - 2015-02-27 19:21 - 02126848 ____C () C:\Users\Esther\Downloads\adwcleaner_4.111.exe
2015-02-27 17:25 - 2015-02-28 11:35 - 00000696 ____C () C:\WINDOWS\setupact.log
2015-02-27 17:25 - 2015-02-27 17:25 - 00000000 ____C () C:\WINDOWS\setuperr.log
2015-02-27 16:16 - 2015-02-27 17:28 - 00034816 ____C () C:\Users\Esther\Documents\Essensplan.xlt
2015-02-23 17:50 - 2012-06-20 11:13 - 30547340 ____C () C:\Users\Esther\Downloads\SVoice.apk
2015-02-23 17:48 - 2015-02-23 17:49 - 29634456 ____C () C:\Users\Esther\Downloads\SVoice.zip
2015-02-23 17:44 - 2015-02-23 17:44 - 01203488 ____C () C:\Users\Esther\Downloads\Samsung Galaxy S4 S Voice Android App - CHIP-Installer.exe
2015-02-23 17:41 - 2012-06-20 11:13 - 30547340 ____C () C:\Users\Esther\Documents\SVoice.apk
2015-02-23 17:37 - 2015-02-23 17:32 - 29634456 ____C () C:\Users\Esther\Documents\SVoice.zip
2015-02-23 17:37 - 2013-08-15 23:46 - 00608494 ____C () C:\Users\Esther\Documents\[Ebook][erotik] James, E. L. - Shades of Grey 01 - Geheimes Verlangen.epub
2015-02-23 17:36 - 2015-02-23 17:36 - 00000000 ___HC () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-02-23 13:40 - 2015-02-23 13:40 - 00000000 ___DC () C:\Users\Esther\Documents\EBook
2015-02-23 13:26 - 2015-02-23 17:51 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\MediaMonkey
2015-02-23 13:26 - 2015-02-23 13:26 - 00000602 ____C () C:\Users\Public\Desktop\MediaMonkey.lnk
2015-02-23 13:26 - 2015-02-23 13:26 - 00000000 ___DC () C:\Users\Esther\AppData\Local\MediaMonkey
2015-02-23 13:26 - 2015-02-23 13:26 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-02-23 13:25 - 2015-02-23 13:25 - 00000000 ___DC () C:\ProgramData\MediaMonkey
2015-02-23 13:22 - 2015-02-23 13:22 - 15204184 ____C (Ventis Media Inc. ) C:\Users\Esther\Downloads\MediaMonkey_4.1.5.1719.exe
2015-02-22 13:07 - 2015-02-22 13:07 - 00000928 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waow (2).lnk
2015-02-22 13:07 - 2015-02-12 18:21 - 28619213 ____C () C:\Users\Esther\Downloads\Waow.exe
2015-02-21 14:40 - 2015-02-28 11:34 - 01898797 ____C () C:\WINDOWS\WindowsUpdate.log
2015-02-19 10:57 - 2015-02-21 11:02 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\vlc
2015-02-19 10:57 - 2015-02-19 10:57 - 00000526 ____C () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-19 10:57 - 2015-02-19 10:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-19 10:53 - 2015-02-19 10:54 - 24743106 ____C () C:\Users\Esther\Downloads\vlc-2.1.5-win32.exe
2015-02-19 10:36 - 2015-02-19 10:36 - 28170335 ____C () C:\Users\Esther\Downloads\Waow_x86.zip
2015-02-17 20:04 - 2015-02-17 20:04 - 00000146 ____C () C:\Users\Esther\Downloads\stream (1).m3u
2015-02-17 20:03 - 2015-02-17 20:03 - 00000146 ____C () C:\Users\Esther\Downloads\stream.m3u
2015-02-17 20:01 - 2015-02-17 20:01 - 00002417 ____C () C:\Users\Esther\Desktop\Open Webif.lnk
2015-02-17 14:18 - 2015-01-23 04:17 - 04300800 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-17 13:11 - 2015-02-04 00:43 - 00202752 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-17 13:11 - 2015-02-04 00:08 - 00620544 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-17 13:11 - 2015-02-04 00:08 - 00325120 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-17 13:11 - 2015-02-03 00:11 - 00886784 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-17 13:11 - 2015-02-03 00:11 - 00766976 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-17 13:11 - 2015-02-03 00:11 - 00482304 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-17 10:56 - 2015-02-17 10:56 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\WinRAR
2015-02-17 10:56 - 2015-02-17 10:56 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-17 10:56 - 2015-02-17 10:56 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-17 10:55 - 2015-02-17 10:55 - 01869952 ____C () C:\Users\Esther\Downloads\wrar521d.exe
2015-02-17 10:50 - 2015-02-21 12:45 - 00000000 ___DC () C:\Users\Esther\AppData\Local\QuickPar
2015-02-17 10:48 - 2015-02-17 10:48 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-02-17 10:48 - 2015-02-17 10:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-02-17 10:47 - 2015-02-17 10:47 - 00503439 ____C (Peter B Clements) C:\Users\Esther\Downloads\QuickPar-0.9.1.0-DEU.exe
2015-02-17 10:28 - 2015-02-27 18:35 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\UseNeXT
2015-02-17 10:28 - 2015-02-27 18:31 - 00000000 ___DC () C:\Users\Esther\Documents\UseNeXT
2015-02-17 10:27 - 2015-02-17 10:27 - 00000482 ____C () C:\Users\Esther\Desktop\UseNeXT by Tangysoft.lnk
2015-02-17 10:27 - 2015-02-17 10:27 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-17 10:25 - 2015-02-17 10:25 - 05270008 ____C (Tangysoft Ltd. ) C:\Users\Esther\Downloads\UseNeXTSetup_5.64.exe
2015-02-15 13:16 - 2015-02-15 13:17 - 05262374 ____C () C:\Users\Esther\Downloads\dreamboxEDIT_without_setup_6.0.1.1.zip
2015-02-15 12:15 - 2015-02-17 09:45 - 00000000 ___DC () C:\Users\Esther\Desktop\VuPlus EMM
2015-02-15 11:53 - 2015-02-15 11:53 - 00035328 __SHC () C:\Users\Esther\Desktop\Thumbs.db
2015-02-15 02:21 - 2015-02-19 10:32 - 00000000 ___DC () C:\Program Files\Notepad++
2015-02-15 02:21 - 2015-02-15 14:27 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\FileZilla
2015-02-15 02:21 - 2015-02-15 02:22 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Notepad++
2015-02-15 02:21 - 2015-02-15 02:21 - 07965917 ____C () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-15 02:21 - 2015-02-15 02:21 - 00000000 ___DC () C:\Program Files\FileZilla FTP Client
2015-02-15 02:20 - 2015-02-15 02:20 - 06372800 ____C (Tim Kosse) C:\Users\Esther\Downloads\FileZilla_3.10.1.1_win32-setup__1_.exe
2015-02-15 02:20 - 2015-02-15 02:20 - 06372800 ____C (Tim Kosse) C:\Users\Esther\Downloads\FileZilla_3.10.1.1_win32-setup__1_ (1).exe
2015-02-14 22:08 - 2015-02-14 22:10 - 05627963 ____C () C:\Users\Esther\Downloads\dcce2_150.zip
2015-02-14 21:21 - 2015-02-14 21:21 - 00000000 ___DC () C:\Users\Esther\Downloads\dcce2_120
2015-02-14 15:41 - 2015-02-14 15:41 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\WDC
2015-02-14 14:17 - 2015-02-14 14:17 - 00001138 ____C () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-02-14 14:17 - 2015-02-14 14:17 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-02-14 14:17 - 2015-02-14 14:17 - 00000000 ___DC () C:\Program Files\Western Digital
2015-02-14 14:15 - 2015-02-14 14:16 - 00000000 ___DC () C:\Users\Esther\My Cloud
2015-02-14 14:13 - 2015-02-14 14:14 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\com.wd.WDMyCloud
2015-02-14 14:13 - 2015-02-14 14:13 - 00000204 ____C () C:\Users\Esther\Desktop\Lerncenter WD My Cloud.url
2015-02-14 14:13 - 2015-02-14 14:13 - 00000158 ____C () C:\Users\Esther\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-02-14 14:13 - 2015-02-14 14:13 - 00000154 ____C () C:\Users\Esther\Desktop\WD My Cloud-Dashboard.url
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\ProgramData\Western Digital
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\ProgramData\Apple
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\Program Files\Bonjour Print Services
2015-02-14 14:13 - 2015-02-14 14:13 - 00000000 ___DC () C:\Program Files\Bonjour
2015-02-14 14:11 - 2015-02-14 14:13 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Western Digital
2015-02-14 14:10 - 2015-02-14 14:11 - 71601392 ____C () C:\Users\Esther\Downloads\mc_windows_setup.exe
2015-02-11 01:59 - 2015-01-13 23:04 - 01489072 ____C (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 01:59 - 2015-01-12 03:25 - 19740160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 01:59 - 2015-01-12 03:08 - 00503296 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 01:59 - 2015-01-12 03:05 - 00064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 01:59 - 2015-01-12 03:02 - 02277888 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 01:59 - 2015-01-12 02:55 - 00664064 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 01:59 - 2015-01-12 02:45 - 00418304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 01:59 - 2015-01-12 02:34 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-11 01:59 - 2015-01-12 02:30 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 01:59 - 2015-01-12 02:25 - 00230400 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 02052608 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 01:59 - 2015-01-12 02:23 - 00688640 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 00684544 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 01:59 - 2015-01-12 02:23 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 01:59 - 2015-01-12 02:14 - 12829184 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 01:59 - 2015-01-12 02:00 - 01888256 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 01:59 - 2015-01-12 01:56 - 01307136 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 01:59 - 2015-01-12 01:55 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 01:59 - 2015-01-10 07:38 - 00359424 ____C (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 01:58 - 2015-01-15 23:37 - 00478776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 01:58 - 2015-01-15 23:37 - 00148288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 01:58 - 2015-01-10 09:28 - 05769024 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 01:58 - 2015-01-10 09:28 - 01468408 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 01:58 - 2015-01-10 08:38 - 03550720 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 01:58 - 2014-12-09 04:45 - 00393728 ____C (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 01:58 - 2014-10-29 03:06 - 00736768 ____C (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 01:58 - 2014-10-29 03:06 - 00154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 01:58 - 2014-10-29 02:03 - 01117696 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 21:13 - 2015-02-10 21:13 - 00000218 ____C () C:\Users\Esther\.recently-used.xbel
2015-02-10 12:58 - 2015-02-10 12:58 - 00001063 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waow.lnk
2015-02-06 20:50 - 2015-02-06 20:50 - 53948416 _____ () C:\WINDOWS\system32\config\SOFTWARE.sav.LOG
2015-02-06 20:50 - 2015-02-06 20:50 - 11268096 _____ () C:\WINDOWS\system32\config\SYSTEM.sav.LOG
2015-02-06 20:50 - 2015-02-06 20:50 - 00061440 _____ () C:\WINDOWS\system32\config\SAM.sav.LOG
2015-02-06 20:50 - 2015-02-06 20:50 - 00020480 _____ () C:\WINDOWS\system32\config\SECURITY.sav.LOG
2015-02-06 20:48 - 2015-02-06 20:50 - 00001660 ____C () C:\WINDOWS\system32\ASOROSet.bin
2015-02-06 20:48 - 2015-02-06 20:48 - 00000000 ____D () C:\WINDOWS\system32\config\RCCBakup
2015-02-06 19:21 - 2015-02-06 19:21 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Temp826e779988384ef889c203d71b003d8e
2015-02-05 14:15 - 2015-02-20 19:58 - 00002152 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 14:15 - 2015-02-05 14:15 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-05 14:14 - 2015-02-05 14:14 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Deployment
2015-02-05 14:14 - 2015-02-05 14:14 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Apps\2.0
2015-02-05 13:08 - 2015-02-05 13:09 - 00000197 ____C () C:\WINDOWS\system32\2015-02-05-12-08-58.049-AvastVBoxSVC.exe-3996.log
2015-02-05 13:07 - 2015-02-28 11:37 - 00000000 __RDC () C:\Users\Esther\Dropbox
2015-02-05 13:07 - 2015-02-17 09:21 - 00001086 ____C () C:\Users\Esther\Desktop\Dropbox.lnk
2015-02-05 13:05 - 2015-02-17 09:21 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-05 13:04 - 2015-02-28 11:37 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Dropbox
2015-02-05 12:54 - 2015-02-05 12:54 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\AVAST Software
2015-02-05 12:53 - 2015-02-05 12:54 - 00000000 ___DC () C:\WINDOWS\system32\vbox
2015-02-05 12:53 - 2015-02-05 12:53 - 00002144 ____C () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-05 12:53 - 2015-02-05 12:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-05 12:52 - 2015-02-05 12:53 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-05 12:52 - 2015-02-05 12:53 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-02-05 12:52 - 2015-02-05 12:53 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-05 12:52 - 2015-02-05 12:52 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00091496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00081768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-05 12:52 - 2015-02-05 12:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-05 12:52 - 2015-02-05 12:52 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-05 12:46 - 2015-02-05 12:46 - 00000000 ___DC () C:\Program Files\AVAST Software
2015-02-05 12:45 - 2015-02-05 12:46 - 00000000 ___DC () C:\ProgramData\AVAST Software
2015-02-05 12:23 - 2014-12-31 12:13 - 00249488 ____C (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-04 09:59 - 2015-02-10 21:12 - 00000000 ___DC () C:\Program Files\Common Files\Skype
2015-02-04 09:59 - 2015-02-05 12:15 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Skype
2015-02-04 09:59 - 2015-02-04 09:59 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Skype
2015-02-04 09:58 - 2015-02-10 21:14 - 00000000 __RDC () C:\Program Files\Skype
2015-02-04 09:58 - 2015-02-10 21:12 - 00000000 ___DC () C:\ProgramData\Skype
2015-02-04 09:02 - 2015-02-28 10:52 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Waow
2015-01-31 12:30 - 2015-01-31 12:48 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\griffith
2015-01-31 12:21 - 2015-01-31 12:21 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\Obsidium
2015-01-31 12:17 - 2015-01-31 12:23 - 00000000 ___DC () C:\ProgramData\AllMyMovies
2015-01-29 13:50 - 2015-01-29 13:50 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-29 13:50 - 2015-01-29 13:50 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 11:42 - 2014-03-18 08:50 - 01776918 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-28 11:36 - 2015-01-25 16:44 - 00001128 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 11:36 - 2015-01-24 15:03 - 00000000 _RDOC () C:\Users\Esther\OneDrive
2015-02-28 11:35 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-28 11:35 - 2013-08-22 08:23 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-02-28 11:35 - 2013-08-22 07:13 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-28 11:30 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\system32\sru
2015-02-28 10:59 - 2015-01-25 16:49 - 00001132 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d038b68e08b2a9.job
2015-02-27 19:54 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\Microsoft.NET
2015-02-27 19:12 - 2015-01-24 14:56 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Pokki
2015-02-27 16:11 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\AppReadiness
2015-02-24 07:56 - 2015-01-24 16:12 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2015-02-19 09:51 - 2015-01-28 10:46 - 00000000 __SDC () C:\WINDOWS\system32\CompatTel
2015-02-19 09:51 - 2015-01-28 10:46 - 00000000 ___DC () C:\WINDOWS\system32\appraiser
2015-02-18 04:23 - 2013-08-22 09:05 - 00000000 ___DC () C:\WINDOWS\CbsTemp
2015-02-17 16:40 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-17 09:17 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\system32\de-DE
2015-02-14 14:15 - 2015-01-24 14:56 - 00000000 ___DC () C:\Users\Esther
2015-02-10 21:19 - 2015-01-24 15:28 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Google
2015-02-10 21:16 - 2015-01-25 11:10 - 00000000 ___DC () C:\Program Files\OpenOffice 4
2015-02-06 21:08 - 2015-01-25 14:46 - 00000017 ____C () C:\Users\Esther\AppData\Roaming\AquaCalculatorBL.AUsr
2015-02-06 20:46 - 2015-01-26 14:39 - 00000000 ___DC () C:\Program Files\TeamViewer
2015-02-06 20:41 - 2015-01-25 17:09 - 00000000 ___DC () C:\Users\Esther\AppData\Local\Lenovo
2015-02-06 20:41 - 2014-11-30 13:32 - 00000000 ___DC () C:\ProgramData\Lenovo
2015-02-06 20:40 - 2014-11-30 13:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-06 20:40 - 2014-11-30 13:12 - 00000000 ___DC () C:\Program Files\Lenovo
2015-02-05 14:14 - 2015-01-25 11:49 - 00002345 ____C () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-05 12:47 - 2014-11-30 13:33 - 00000000 ___DC () C:\ProgramData\McAfee
2015-02-05 12:20 - 2013-08-22 09:17 - 00000000 __HDC () C:\WINDOWS\ELAMBKUP
2015-02-05 12:19 - 2013-08-22 07:21 - 00000000 __RDC () C:\Users\Public
2015-02-05 12:15 - 2015-01-26 11:10 - 00000000 __RDC () C:\Users\Esther\Google Drive
2015-02-05 11:07 - 2015-01-25 11:10 - 00000000 ___DC () C:\Program Files\Opera
2015-02-03 20:31 - 2013-08-22 09:18 - 00714720 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 09:18 - 00106976 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-02 07:40 - 2013-08-22 09:17 - 00000000 ___DC () C:\WINDOWS\system32\NDF
2015-02-01 05:46 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 12:21 - 2015-01-26 14:39 - 00000000 ___DC () C:\Users\Esther\AppData\Roaming\TeamViewer

==================== Files in the root of some directories =======

2015-01-25 14:46 - 2015-02-06 21:08 - 0000017 ____C () C:\Users\Esther\AppData\Roaming\AquaCalculatorBL.AUsr
2015-01-27 12:20 - 2015-01-27 12:20 - 0007602 ____C () C:\Users\Esther\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_1b56f.dll
C:\Users\Esther\AppData\Local\Temp\Quarantine.exe
C:\Users\Esther\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-27 19:54

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Connected x86
Ran by Esther on 28.02.2015 at 11:41:42,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BCA6DD76-B67D-11E4-972D-40E2304BE8F2}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3110719337-2088587715-331825505-1001



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.02.2015 at 11:56:15,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


Google hängt immer noch den Text hinten dran.

schrauber 28.02.2015 15:47
in welchem Browser?

EsleTra 28.02.2015 15:57
im google chrome Browser.

schrauber 28.02.2015 18:51
Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

EsleTra 01.03.2015 16:00
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b601b74378218644aeb401ba2ad109f8
# engine=22698
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-01 12:22:29
# local_time=2015-03-01 01:22:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 1980596 2079195 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2075278 15516859 0 0
# scanned=149961
# found=11
# cleaned=0
# scan_time=4835
sh=59CFC71C3BB4077E3CAECC8EB7D48AD923D52387 ft=1 fh=8ee66df075ef7099 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\system32\roboot.exe.vir"
sh=BA74F32719AA524845F0858E1ED603863873B304 ft=1 fh=ba7b9b70a0dd35f5 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\Run.exe"
sh=EDE269E495845B824738B21E97E34ED8552B838E ft=1 fh=b1f546208637d3c4 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\SuperfishCert.dll"
sh=1FC5CD4A58308AB7A499C6387A9C050F77F0B00F ft=1 fh=84694f440663fdd1 vn="Win32/Adware.SuperFish.F Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VDWFP.sys"
sh=C38BF92AA13F875862D7153A05D16DD8DC3D9180 ft=1 fh=352e9c79faf7d70b vn="Win64/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VDWFP64.sys"
sh=B5D68FE790F0FD30198F7F6C19FA190F561F301E ft=1 fh=dc1f28ed7d578e66 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VDWFPInstaller.exe"
sh=CBCE16CB808A5D36246C1DB8B4E47FDFEA6373FA ft=1 fh=06063ac2c8492491 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VisualDiscovery.exe"
sh=6FF92DE1904129C4F8370A275F9EEA0806454823 ft=1 fh=4414769fe4adbc0a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Esther\Downloads\Samsung Galaxy S4 S Voice Android App - CHIP-Installer.exe"
sh=20FDDD5F6E918FFFFB8C56FA3A9F887C7606523E ft=1 fh=a791848f95327e80 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Esther\OneDrive\Downloads\Arbeitszeiterfassung-fr-Excel-und-OpenOffice-(Vorlage)-lnstall (1).exe"
sh=79EC73C95E3B54A3834D8A736D5B0233F01FA363 ft=1 fh=aecac9db95327e80 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Esther\OneDrive\Downloads\Arbeitszeiterfassung-fr-Excel-und-OpenOffice-(Vorlage)-lnstall.exe"
sh=7792885B03BA80DDBD89D1239940964A5C164AC3 ft=1 fh=0a03aa6035255794 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Esther\OneDrive\Downloads\Griffith - CHIP-Installer.exe"

Results of screen317's Security Check version 0.99.96
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Pc hat sich gerade aufgehalten. Beim Neustart musste ich den Bitlocker Wiederherstellungsschlüssel eingeben.

Results of screen317's Security Check version 0.99.96
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Auch nach dem Neustart lässt sich keine Antwort über den PC schreiben. Antworte gerade mit dem Handy.
Fehlercodes auf dem PC: ERR_CONNECTION_RESET

Pc neu installieren.

So habe jetzt den PC komplett neu installiert.
Habe dann Google Chrome neu installiert und (ohne mich anzumelden) eine Suchanfrage eingegeben. Der Anhang blieb weg.
Habe mich dann mal mit dem Google Account verbunden und dann kam der Anhang in der Suche wieder. Daraufhin habe ich abermals die Browserdaten alle gelöscht und es blieb bei meiner Suchanfrage ohne Anhang.

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by Esther at 2015-03-01 15:41:55
Running from C:\Users\Esther\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Benutzerhandbücher (Version: 3.0.0.3 - Lenovo) Hidden
CCSDK (HKLM\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
FolioCase (HKLM\...\InstallShield_{1979BBD9-9327-44F8-B593-515B29BE9BAB}) (Version: 1.00.0002 - Lenovo)
FolioCase (Version: 1.00.0002 - Lenovo) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo SHAREit (HKLM\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Updates (HKLM\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.1.0.61 - Lenovo)
Lenovo Updates (Version: 1.1.0.61 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.11.14.7251 - Lenovo)
McAfee LiveSafe – Internet Security (HKLM\...\MSC) (Version: 13.6.953 - McAfee, Inc.)
Metric Collection SDK 35 (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{53D8DB49-A741-406E-B09C-8676FB05AE79}) (Version: 9.0.5.9 - Nitro)
Pokki (HKU\S-1-5-21-2447949755-921433259-1447528216-1001\...\Pokki) (Version: 0.269.2.471 - Pokki)
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.65.40919 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.65.40919 - Ihr Firmenname) Hidden
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.01.0243 - REALTEK Semiconductor Corp.)
Superfish Inc. VisualDiscovery (HKLM\...\Superfish Inc. VisualDiscovery) (Version: 1.0.0.4 - Superfish) <==== ATTENTION
UESDK (HKLM\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4F4A46A1-5A30-491A-A079-C903BFDFD6FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {7B88D1A5-4020-48D9-968B-6C90CBEB41D9} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {9CA580F7-43E8-44C8-BC9A-BB7866629E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {AAB4EBBA-CC83-47B7-B1CE-73E806703F2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {C72915FA-3C9B-4DF1-93C9-D9DC6A751D1D} - System32\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {DAF43146-E516-48A3-BE31-63B6A7685179} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-03-01] (Lenovo)
Task: {E9E3F333-396B-4A82-A19E-7CCC3911D571} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-30 13:12 - 2014-09-10 15:24 - 00161496 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2014-11-30 13:32 - 2014-11-30 13:32 - 00054544 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-11-30 13:32 - 2014-11-30 13:32 - 00510224 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-11-30 13:32 - 2014-07-09 17:19 - 00592880 _____ () C:\Program Files\Lenovo\CCSDK\CCSDK.exe
2014-11-30 13:32 - 2014-07-09 17:19 - 00397296 _____ () C:\Program Files\Lenovo\CCSDK\WinGather.exe
2015-03-01 15:28 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-03-01 15:28 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-03-01 15:28 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Esther\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Esther\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2447949755-921433259-1447528216-500 - Administrator - Disabled)
Esther (S-1-5-21-2447949755-921433259-1447528216-1001 - Administrator - Enabled) => C:\Users\Esther
Gast (S-1-5-21-2447949755-921433259-1447528216-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2447949755-921433259-1447528216-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2015 03:15:19 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.

Error: (03/01/2015 03:12:24 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Die indizierten Daten von Windows Search für den Benutzer '<Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-03-01T14:12:24.000000000Z'/><EventRecordID>26</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Lenovo-PC</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4C0065006E006F0076006F002D00500043005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' können im Zuge der Löschung des Benutzerprofils nicht entfernt werden. Fehlercode %2.

%3.


System errors:
=============
Error: (03/01/2015 03:16:47 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/01/2015 03:09:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet:
%%21

Error: (03/01/2015 03:07:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%1058

Error: (03/01/2015 03:06:42 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (03/01/2015 03:15:19 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.

Error: (03/01/2015 03:12:24 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: <Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-03-01T14:12:24.000000000Z'/><EventRecordID>26</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Lenovo-PC</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4C0065006E006F0076006F002D00500043005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 78%
Total physical RAM: 1986.61 MB
Available physical RAM: 427.67 MB
Total Pagefile: 2562.61 MB
Available Pagefile: 407.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1868.6 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:22.6 GB) (Free:18.54 GB) NTFS
Drive d: () (Removable) (Total:29.71 GB) (Free:26.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 1A560338)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Esther (administrator) on Lenovo-PC on 01-03-2015 15:40:11
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Superfish, Inc.) C:\Program Files\Lenovo\VisualDiscovery\VisualDiscovery.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
() C:\Program Files\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(McAfee, Inc.) C:\Program Files\McAfee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LU.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-25] (Intel Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [495744 2014-04-04] (McAfee, Inc.)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\S-1-5-21-2447949755-921433259-1447528216-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2447949755-921433259-1447528216-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0294551425219369mcinstcleanup; C:\WINDOWS\TEMP\029455~1.EXE [851136 2014-05-21] (McAfee, Inc.)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-09-10] ()
R2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-06-14] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-25] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-25] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-25] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-07-29] (Lenovo) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-06-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [523072 2014-04-17] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [286136 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [469488 2014-04-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-04-04] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-12] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
R2 VisualDiscovery; C:\Program Files\Lenovo\VisualDiscovery\VisualDiscovery.exe [1348808 2014-07-08] (Superfish, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-11-30] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-11-30] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-27] (Intel Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-25] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-25] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-25] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-25] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-25] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-06-25] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-05] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-22] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-03-22] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-22] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-07-16] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-16] (Intel Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [58376 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-06-27] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-03-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-06-03] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-08-07] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-09-11] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
R2 VDWFP; C:\WINDOWS\system32\Drivers\VDWFP.sys [32600 2014-07-01] (Superfish, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-11-30] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 00:06 - 2015-03-02 00:06 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-03-02 00:06 - 2015-03-02 00:06 - 00000000 _____ () C:\Recovery.txt
2015-03-01 15:40 - 2015-03-01 15:41 - 00018316 _____ () C:\Users\Esther\Downloads\FRST.txt
2015-03-01 15:40 - 2015-03-01 15:40 - 00000000 ____D () C:\FRST
2015-03-01 15:39 - 2015-03-01 15:39 - 01132032 _____ (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-03-01 15:35 - 2015-03-01 15:35 - 00002983 _____ () C:\Users\Esther\Desktop\Google hängt _trackid=sp-006 - Trojaner-Board.lnk
2015-03-01 15:32 - 2015-03-01 15:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job
2015-03-01 15:28 - 2015-03-01 15:32 - 00002152 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-01 15:28 - 2015-03-01 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-01 15:27 - 2015-03-01 15:37 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Google
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Program Files\Google
2015-03-01 15:27 - 2015-03-01 15:27 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\LU
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieUserList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieSiteList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 ___DO () C:\Users\Esther\OneDrive
2015-03-01 15:18 - 2015-03-01 15:18 - 00000000 ____D () C:\Users\Esther\AppData\Local\Lenovo
2015-03-01 15:16 - 2015-03-01 15:16 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Macromedia
2015-03-01 15:15 - 2015-03-01 15:15 - 00000000 ____D () C:\Users\Esther\AppData\Local\PackageStaging
2015-03-01 15:14 - 2015-03-01 15:20 - 00000000 ____D () C:\Users\Esther
2015-03-01 15:14 - 2015-03-01 15:14 - 00001461 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 15:14 - 2015-03-01 15:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 15:14 - 2015-03-01 15:14 - 00000020 ___SH () C:\Users\Esther\ntuser.ini
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Startmenü
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Netzwerkumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Druckumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Musik
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Bilder
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Local\Verlauf
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Adobe
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Local\VirtualStore
2015-03-01 15:14 - 2014-11-30 21:29 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 15:14 - 2014-11-30 21:21 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 15:14 - 2014-11-30 13:29 - 00000000 ____D () C:\Users\Esther\AppData\Local\Pokki
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 15:12 - 2015-03-01 15:13 - 00250775 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-01 15:10 - 2015-03-01 15:10 - 00000468 _____ () C:\WINDOWS\DtcInstall.log
2015-03-01 15:07 - 2015-03-01 15:07 - 00001201 _____ () C:\WINDOWS\setupact.log
2015-03-01 15:07 - 2015-03-01 15:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-01 15:06 - 2015-03-01 15:06 - 00002124 _____ () C:\WINDOWS\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 00:06 - 2013-08-22 09:17 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-01 15:27 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-01 15:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-01 15:18 - 2014-11-30 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-01 15:18 - 2014-11-30 13:32 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-01 15:17 - 2014-03-18 08:50 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-01 15:16 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-01 15:14 - 2014-11-30 22:52 - 00080967 _____ () C:\WINDOWS\modules.log
2015-03-01 15:14 - 2014-04-04 09:08 - 00000000 ____D () C:\WINDOWS\Panther
2015-03-01 15:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-01 15:12 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-03-01 15:11 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-01 15:11 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-01 15:11 - 2013-08-22 07:21 - 00000000 ___HD () C:\Users\Default
2015-03-01 15:10 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-01 15:10 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-01 15:07 - 2013-08-22 08:22 - 00333576 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:06

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

bAdwCleaner Logfile:
Code:
# AdwCleaner v4.111 - Bericht erstellt 01/03/2015 um 15:52:32
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 Connected  (x86)
# Benutzername : Esther - Lenovo-PC
# Gestarted von : C:\Users\Esther\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : VisualDiscovery
Dienst Gelöscht : VDWFP

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\WINDOWS\system32\VisualDiscovery.ini
Datei Gelöscht : C:\WINDOWS\system32\VisualDiscoveryOff.ini

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\VisualDiscovery
Schlüssel Gelöscht : HKLM\SOFTWARE\Superfish Inc. VisualDiscovery
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Superfish Inc. VisualDiscovery

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [2365 Bytes] - [01/03/2015 15:48:35]
AdwCleaner[S0].txt - [2287 Bytes] - [01/03/2015 15:52:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2346  Bytes] ##########
--- --- ---

Was mir auch aufgefallen ist: konnte mich nie bei whatsapp web anmelden da der QR Code nie erschienen ist. Aber nach dem ich den AdwCleaner durlaufen lies und er die 2 Dateien gelöscht hat funktioniert auch der QR Code.
Auch Google Chrome hängt das trackidsp-006 nicht mehr hintendran seit dem ich den Browserverlauf gefühlte 100 mal gelöscht habe.

schrauber 02.03.2015 06:50
Zitat:
Pc neu installieren.

So habe jetzt den PC komplett neu installiert.
Warum macht man denn sowas? Einfach hier mal nachfragen hätte gereicht.

Dein Google Konto synct die Malware immer wieder in den Browser. Browser zurücksetzen wenn das konto verbunden ist, haste ja gemacht, aber:

Wie kann man sich bitte ein frisch installiertes System gleich wieder versauen??????

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Superfish Inc. VisualDiscovery (HKLM\...\Superfish Inc. VisualDiscovery) (Version: 1.0.0.4 - Superfish) <==== ATTENTION


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

EsleTra 02.03.2015 08:32
Konnte das Programm Superfish.... nicht über den Revo Uninstller nicht finden.
Aber der Mam hat es gefunden.
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Esther (administrator) on LENOVO-PC on 02-03-2015 07:56:55
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\msc\McAPExe.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_9e518b59e2a6e738\TiWorker.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-25] (Intel Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-09-10] ()
S2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-06-14] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-25] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-25] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-25] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-07-29] (Lenovo) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-06-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [286136 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-12] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-27] (Intel Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-25] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-25] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-25] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-25] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-25] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-06-25] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-05] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-22] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-03-22] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-22] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-07-16] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-16] (Intel Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [59728 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-06-27] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-03-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-06-03] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-08-07] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-09-11] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 07:55 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-02 07:47 - 2015-03-02 07:47 - 00001114 _____ () C:\Users\Esther\Desktop\mbam.txt
2015-03-02 07:37 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-03-02 07:35 - 2015-03-02 07:56 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 07:34 - 2015-03-02 07:34 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 07:34 - 2015-03-02 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 07:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 07:29 - 2015-03-02 07:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Esther\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 07:26 - 2015-03-02 07:26 - 00001249 _____ () C:\Users\Esther\Desktop\Revo Uninstaller.lnk
2015-03-02 07:26 - 2015-03-02 07:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-02 07:25 - 2015-03-02 07:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Esther\Downloads\revosetup95.exe
2015-03-02 00:06 - 2015-03-02 00:06 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-03-02 00:06 - 2015-03-02 00:06 - 00000000 _____ () C:\Recovery.txt
2015-03-01 18:02 - 2015-03-01 18:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 18:02 - 2015-01-29 17:49 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-01 16:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-01 16:47 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 16:47 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 16:47 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 16:47 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 16:46 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-01 16:46 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-01 16:46 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-01 16:46 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-01 16:46 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-01 16:46 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 16:46 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-01 16:46 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-01 16:46 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-01 16:46 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-01 16:46 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 16:46 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-01 16:46 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-01 16:46 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-01 16:46 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-01 16:46 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-01 16:46 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-01 16:46 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 16:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-01 16:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-01 16:46 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 16:46 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 16:46 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 16:46 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 16:46 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 16:46 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 16:46 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 16:46 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 16:46 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 16:46 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 16:46 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 16:46 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 16:46 - 2014-10-31 04:12 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 16:46 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-01 16:46 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 16:46 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 16:46 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 16:46 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 16:46 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 16:46 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-01 16:46 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 16:45 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-01 16:44 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-01 16:44 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-01 16:42 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 16:42 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 16:41 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 16:41 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 16:41 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 16:41 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 16:41 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 16:41 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 16:41 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 16:41 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 16:41 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 16:41 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 16:41 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 16:41 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 16:40 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 16:40 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 16:40 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 16:39 - 2014-10-10 03:28 - 00022848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-01 16:39 - 2014-10-08 07:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-01 16:39 - 2014-10-08 07:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-01 16:39 - 2014-10-08 06:16 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-01 16:39 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 16:38 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 16:38 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 16:36 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 16:36 - 2014-09-27 04:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 16:35 - 2014-10-12 09:58 - 00047424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2015-03-01 16:35 - 2014-09-10 07:18 - 00333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 01858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 16:35 - 2014-09-07 23:07 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-01 16:35 - 2014-09-04 23:29 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-01 16:35 - 2014-09-04 23:20 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-01 16:35 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 16:35 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-01 16:35 - 2014-09-04 01:11 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2015-03-01 16:35 - 2014-09-04 01:00 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 16:35 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-01 16:35 - 2014-08-31 00:00 - 00120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 16:35 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-01 16:35 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 16:35 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 16:35 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 16:35 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 16:35 - 2014-08-23 05:47 - 02151936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 16:35 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 16:35 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-01 16:35 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-01 16:35 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-01 16:33 - 2014-10-18 09:49 - 00048496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-01 16:33 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-01 16:33 - 2014-10-18 08:25 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-01 16:33 - 2014-10-18 07:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-01 16:33 - 2014-10-18 07:16 - 02946560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-01 16:33 - 2014-10-18 07:12 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-01 16:33 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-01 16:33 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-01 16:33 - 2014-10-18 07:08 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-01 16:32 - 2014-09-22 03:40 - 00219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-01 16:32 - 2014-09-22 03:40 - 00084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-01 16:32 - 2014-09-22 03:39 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-01 16:32 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-01 16:31 - 2014-08-29 02:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-01 16:31 - 2014-08-29 01:59 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-01 16:31 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-01 16:31 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 16:31 - 2014-08-16 04:08 - 00863528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 16:31 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 16:31 - 2014-08-16 01:39 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 16:31 - 2014-08-16 01:35 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 16:31 - 2014-08-16 01:31 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 16:31 - 2014-08-16 01:30 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 16:31 - 2014-08-16 01:29 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 16:31 - 2014-08-16 01:23 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 16:31 - 2014-08-16 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 16:31 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-01 16:31 - 2014-08-16 01:15 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 16:31 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 16:31 - 2014-08-16 01:11 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 16:31 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 16:31 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-01 16:31 - 2014-08-16 01:05 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 16:31 - 2014-07-24 14:48 - 00376128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-03-01 16:31 - 2014-07-24 11:43 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-01 16:31 - 2014-07-24 11:42 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-03-01 16:31 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-03-01 16:28 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 16:27 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 16:25 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-01 16:25 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 16:25 - 2014-08-23 05:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 16:25 - 2014-08-15 00:35 - 00122688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-03-01 16:25 - 2014-07-30 02:57 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-03-01 16:25 - 2014-07-29 06:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-03-01 16:24 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 16:23 - 2014-08-07 00:36 - 01090280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-01 16:23 - 2014-08-02 01:15 - 00976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 16:22 - 2014-07-15 18:07 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 16:22 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 16:22 - 2014-07-15 08:55 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 16:22 - 2014-07-12 04:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 16:21 - 2014-06-20 01:36 - 00805136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-03-01 16:21 - 2014-06-13 01:10 - 01326936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-03-01 16:21 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-03-01 16:21 - 2014-06-04 09:22 - 00107352 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-01 16:21 - 2014-06-04 05:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-01 16:06 - 2015-03-01 16:06 - 00001048 _____ () C:\Users\Esther\Desktop\Notepad++.lnk
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files\Notepad++
2015-03-01 16:05 - 2015-03-01 16:05 - 07965917 _____ () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-03-01 16:02 - 2015-03-01 16:27 - 00000000 ____D () C:\Users\Esther\Desktop\VuPlus EMM
2015-03-01 16:02 - 2014-05-19 06:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 16:02 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 16:00 - 2015-03-01 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-01 15:55 - 2015-03-01 15:55 - 00002581 _____ () C:\Users\Esther\Desktop\(1) WhatsApp Web.lnk
2015-03-01 15:48 - 2015-03-01 15:52 - 00000000 ____D () C:\AdwCleaner
2015-03-01 15:48 - 2015-03-01 15:48 - 02126848 _____ () C:\Users\Esther\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:41 - 2015-03-01 15:43 - 00014501 _____ () C:\Users\Esther\Downloads\Addition.txt
2015-03-01 15:40 - 2015-03-02 07:57 - 00000000 ____D () C:\FRST
2015-03-01 15:40 - 2015-03-02 07:56 - 00018328 _____ () C:\Users\Esther\Downloads\FRST.txt
2015-03-01 15:39 - 2015-03-01 15:39 - 01132032 _____ (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-03-01 15:35 - 2015-03-01 15:35 - 00002983 _____ () C:\Users\Esther\Desktop\Google hängt _trackid=sp-006 - Trojaner-Board.lnk
2015-03-01 15:32 - 2015-03-01 15:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job
2015-03-01 15:28 - 2015-03-01 16:36 - 00002152 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-01 15:28 - 2015-03-01 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-01 15:27 - 2015-03-02 07:56 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Google
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Program Files\Google
2015-03-01 15:27 - 2015-03-01 15:27 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\LU
2015-03-01 15:20 - 2015-03-02 07:56 - 00000000 ___DO () C:\Users\Esther\OneDrive
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieUserList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieSiteList
2015-03-01 15:18 - 2015-03-01 15:18 - 00000000 ____D () C:\Users\Esther\AppData\Local\Lenovo
2015-03-01 15:16 - 2015-03-01 15:16 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Macromedia
2015-03-01 15:15 - 2015-03-01 15:15 - 00000000 ____D () C:\Users\Esther\AppData\Local\PackageStaging
2015-03-01 15:14 - 2015-03-01 15:20 - 00000000 ____D () C:\Users\Esther
2015-03-01 15:14 - 2015-03-01 15:14 - 00001461 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 15:14 - 2015-03-01 15:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 15:14 - 2015-03-01 15:14 - 00000020 ___SH () C:\Users\Esther\ntuser.ini
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Startmenü
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Netzwerkumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Druckumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Musik
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Bilder
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Local\Verlauf
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Adobe
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Local\VirtualStore
2015-03-01 15:14 - 2014-11-30 21:29 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 15:14 - 2014-11-30 21:21 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 15:14 - 2014-11-30 13:29 - 00000000 ____D () C:\Users\Esther\AppData\Local\Pokki
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 15:12 - 2015-03-02 07:56 - 01391508 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-01 15:10 - 2015-03-01 15:10 - 00000468 _____ () C:\WINDOWS\DtcInstall.log
2015-03-01 15:07 - 2015-03-02 07:54 - 00001317 _____ () C:\WINDOWS\setupact.log
2015-03-01 15:07 - 2015-03-01 15:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-01 15:06 - 2015-03-02 07:54 - 00002994 _____ () C:\WINDOWS\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 07:55 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-02 07:54 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\McAfee
2015-03-02 07:54 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 07:54 - 2013-08-22 08:22 - 00335600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-02 07:53 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-02 07:53 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-02 07:38 - 2014-11-30 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 07:36 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 07:35 - 2013-08-22 09:17 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-02 07:04 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 00:06 - 2013-08-22 09:17 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-01 18:11 - 2013-08-22 09:05 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 16:08 - 2014-04-04 09:08 - 00000000 ____D () C:\WINDOWS\Panther
2015-03-01 16:02 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-01 16:00 - 2014-03-18 08:50 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-01 15:53 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-01 15:27 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-01 15:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-01 15:18 - 2014-11-30 13:32 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-01 15:14 - 2014-11-30 22:52 - 00080967 _____ () C:\WINDOWS\modules.log
2015-03-01 15:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-01 15:12 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-03-01 15:11 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-01 15:11 - 2013-08-22 07:21 - 00000000 ___HD () C:\Users\Default

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\Quarantine.exe
C:\Users\Esther\AppData\Local\Temp\sqlite3.dll
C:\Users\Esther\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:06

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 02.03.2015
Scan Time: 07:37:10
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.02.01
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: Esther

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298872
Time Elapsed: 8 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.SuperFish, C:\Windows\System32\Drivers\VDWFP.sys, , [497018283555c57107bba06e788e54ac],

Physical Sectors: 0
(No malicious items detected)


(end)

Keine Ahnung wie das auf das frische System wieder drauf gekommen ist. Hatte nur Google Chrome installiert und dann ohne und mit Anmeldung eine Suchanfrage gestartet.
Ich weiß ja nicht inwiefern der Tablet-PC bei Neuinstallation alles bereinigt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Connected x86
Ran by Esther on 02.03.2015 at 8:13:06,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2447949755-921433259-1447528216-1001



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2015 at 8:21:55,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Esther (administrator) on LENOVO-PC on 02-03-2015 08:23:19
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\msc\McAPExe.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LU.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-25] (Intel Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-09-10] ()
S2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-06-14] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-25] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-25] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-25] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-07-29] (Lenovo) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-06-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [286136 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-12] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-27] (Intel Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-25] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-25] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-25] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-25] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-25] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-06-25] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-05] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-22] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-03-22] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-22] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-07-16] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-16] (Intel Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [59728 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-06-27] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-03-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-06-03] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-08-07] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-09-11] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 08:21 - 2015-03-02 08:21 - 00000761 _____ () C:\Users\Esther\Desktop\JRT.txt
2015-03-02 08:12 - 2015-03-02 08:12 - 01388333 _____ (Thisisu) C:\Users\Esther\Downloads\JRT.exe
2015-03-02 08:03 - 2015-03-02 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-02 07:55 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-02 07:47 - 2015-03-02 07:47 - 00001114 _____ () C:\Users\Esther\Desktop\mbam.txt
2015-03-02 07:37 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-03-02 07:35 - 2015-03-02 07:56 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 07:34 - 2015-03-02 07:34 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 07:34 - 2015-03-02 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 07:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 07:29 - 2015-03-02 07:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Esther\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 07:26 - 2015-03-02 07:26 - 00001249 _____ () C:\Users\Esther\Desktop\Revo Uninstaller.lnk
2015-03-02 07:26 - 2015-03-02 07:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-02 07:25 - 2015-03-02 07:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Esther\Downloads\revosetup95.exe
2015-03-02 00:06 - 2015-03-02 00:06 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-03-02 00:06 - 2015-03-02 00:06 - 00000000 _____ () C:\Recovery.txt
2015-03-01 18:02 - 2015-03-01 18:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 18:02 - 2015-01-29 17:49 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-01 16:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-01 16:47 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 16:47 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 16:47 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 16:47 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 16:46 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-01 16:46 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-01 16:46 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-01 16:46 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-01 16:46 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-01 16:46 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 16:46 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-01 16:46 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-01 16:46 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-01 16:46 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-01 16:46 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 16:46 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-01 16:46 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-01 16:46 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-01 16:46 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-01 16:46 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-01 16:46 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-01 16:46 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 16:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-01 16:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-01 16:46 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 16:46 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 16:46 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 16:46 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 16:46 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 16:46 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 16:46 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 16:46 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 16:46 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 16:46 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 16:46 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 16:46 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 16:46 - 2014-10-31 04:12 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 16:46 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-01 16:46 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 16:46 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 16:46 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 16:46 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 16:46 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 16:46 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-01 16:46 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 16:45 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-01 16:44 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-01 16:44 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-01 16:42 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 16:42 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 16:41 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 16:41 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 16:41 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 16:41 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 16:41 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 16:41 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 16:41 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 16:41 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 16:41 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 16:41 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 16:41 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 16:41 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 16:40 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 16:40 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 16:40 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 16:39 - 2014-10-10 03:28 - 00022848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-01 16:39 - 2014-10-08 07:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-01 16:39 - 2014-10-08 07:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-01 16:39 - 2014-10-08 06:16 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-01 16:39 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 16:38 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 16:38 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 16:36 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 16:36 - 2014-09-27 04:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 16:35 - 2014-10-12 09:58 - 00047424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2015-03-01 16:35 - 2014-09-10 07:18 - 00333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 01858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 16:35 - 2014-09-07 23:07 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-01 16:35 - 2014-09-04 23:29 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-01 16:35 - 2014-09-04 23:20 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-01 16:35 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 16:35 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-01 16:35 - 2014-09-04 01:11 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2015-03-01 16:35 - 2014-09-04 01:00 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 16:35 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-01 16:35 - 2014-08-31 00:00 - 00120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 16:35 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-01 16:35 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 16:35 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 16:35 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 16:35 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 16:35 - 2014-08-23 05:47 - 02151936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 16:35 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 16:35 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-01 16:35 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-01 16:35 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-01 16:33 - 2014-10-18 09:49 - 00048496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-01 16:33 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-01 16:33 - 2014-10-18 08:25 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-01 16:33 - 2014-10-18 07:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-01 16:33 - 2014-10-18 07:16 - 02946560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-01 16:33 - 2014-10-18 07:12 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-01 16:33 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-01 16:33 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-01 16:33 - 2014-10-18 07:08 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-01 16:32 - 2014-09-22 03:40 - 00219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-01 16:32 - 2014-09-22 03:40 - 00084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-01 16:32 - 2014-09-22 03:39 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-01 16:32 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-01 16:31 - 2014-08-29 02:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-01 16:31 - 2014-08-29 01:59 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-01 16:31 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-01 16:31 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 16:31 - 2014-08-16 04:08 - 00863528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 16:31 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 16:31 - 2014-08-16 01:39 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 16:31 - 2014-08-16 01:35 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 16:31 - 2014-08-16 01:31 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 16:31 - 2014-08-16 01:30 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 16:31 - 2014-08-16 01:29 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 16:31 - 2014-08-16 01:23 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 16:31 - 2014-08-16 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 16:31 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-01 16:31 - 2014-08-16 01:15 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 16:31 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 16:31 - 2014-08-16 01:11 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 16:31 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 16:31 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-01 16:31 - 2014-08-16 01:05 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 16:31 - 2014-07-24 14:48 - 00376128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-03-01 16:31 - 2014-07-24 11:43 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-01 16:31 - 2014-07-24 11:42 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-03-01 16:31 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-03-01 16:28 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 16:27 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 16:25 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-01 16:25 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 16:25 - 2014-08-23 05:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 16:25 - 2014-08-15 00:35 - 00122688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-03-01 16:25 - 2014-07-30 02:57 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-03-01 16:25 - 2014-07-29 06:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-03-01 16:24 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 16:23 - 2014-08-07 00:36 - 01090280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-01 16:23 - 2014-08-02 01:15 - 00976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 16:22 - 2014-07-15 18:07 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 16:22 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 16:22 - 2014-07-15 08:55 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 16:22 - 2014-07-12 04:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 16:21 - 2014-06-20 01:36 - 00805136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-03-01 16:21 - 2014-06-13 01:10 - 01326936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-03-01 16:21 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-03-01 16:21 - 2014-06-04 09:22 - 00107352 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-01 16:21 - 2014-06-04 05:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-01 16:06 - 2015-03-01 16:06 - 00001048 _____ () C:\Users\Esther\Desktop\Notepad++.lnk
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files\Notepad++
2015-03-01 16:05 - 2015-03-01 16:05 - 07965917 _____ () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-03-01 16:02 - 2015-03-01 16:27 - 00000000 ____D () C:\Users\Esther\Desktop\VuPlus EMM
2015-03-01 16:02 - 2014-05-19 06:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 16:02 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 15:55 - 2015-03-01 15:55 - 00002581 _____ () C:\Users\Esther\Desktop\(1) WhatsApp Web.lnk
2015-03-01 15:48 - 2015-03-01 15:52 - 00000000 ____D () C:\AdwCleaner
2015-03-01 15:48 - 2015-03-01 15:48 - 02126848 _____ () C:\Users\Esther\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:41 - 2015-03-01 15:43 - 00014501 _____ () C:\Users\Esther\Downloads\Addition.txt
2015-03-01 15:40 - 2015-03-02 08:23 - 00018508 _____ () C:\Users\Esther\Downloads\FRST.txt
2015-03-01 15:40 - 2015-03-02 08:23 - 00000000 ____D () C:\FRST
2015-03-01 15:39 - 2015-03-01 15:39 - 01132032 _____ (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-03-01 15:35 - 2015-03-01 15:35 - 00002983 _____ () C:\Users\Esther\Desktop\Google hängt _trackid=sp-006 - Trojaner-Board.lnk
2015-03-01 15:32 - 2015-03-01 15:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job
2015-03-01 15:28 - 2015-03-01 16:36 - 00002152 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-01 15:28 - 2015-03-01 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-01 15:27 - 2015-03-02 07:56 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Google
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Program Files\Google
2015-03-01 15:27 - 2015-03-01 15:27 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\LU
2015-03-01 15:20 - 2015-03-02 07:56 - 00000000 ___DO () C:\Users\Esther\OneDrive
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieUserList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieSiteList
2015-03-01 15:18 - 2015-03-01 15:18 - 00000000 ____D () C:\Users\Esther\AppData\Local\Lenovo
2015-03-01 15:16 - 2015-03-01 15:16 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Macromedia
2015-03-01 15:15 - 2015-03-01 15:15 - 00000000 ____D () C:\Users\Esther\AppData\Local\PackageStaging
2015-03-01 15:14 - 2015-03-01 15:20 - 00000000 ____D () C:\Users\Esther
2015-03-01 15:14 - 2015-03-01 15:14 - 00001461 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 15:14 - 2015-03-01 15:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 15:14 - 2015-03-01 15:14 - 00000020 ___SH () C:\Users\Esther\ntuser.ini
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Startmenü
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Netzwerkumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Druckumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Musik
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Bilder
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Local\Verlauf
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Adobe
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Local\VirtualStore
2015-03-01 15:14 - 2014-11-30 21:29 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 15:14 - 2014-11-30 21:21 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 15:14 - 2014-11-30 13:29 - 00000000 ____D () C:\Users\Esther\AppData\Local\Pokki
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 15:12 - 2015-03-02 08:21 - 01393289 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-01 15:10 - 2015-03-01 15:10 - 00000468 _____ () C:\WINDOWS\DtcInstall.log
2015-03-01 15:07 - 2015-03-02 07:54 - 00001317 _____ () C:\WINDOWS\setupact.log
2015-03-01 15:07 - 2015-03-01 15:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-01 15:06 - 2015-03-02 07:54 - 00002994 _____ () C:\WINDOWS\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 08:02 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 07:59 - 2014-03-18 08:50 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-02 07:55 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-02 07:54 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\McAfee
2015-03-02 07:54 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 07:54 - 2013-08-22 08:22 - 00335600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-02 07:53 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-02 07:53 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-02 07:38 - 2014-11-30 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 07:36 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 07:35 - 2013-08-22 09:17 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-02 00:06 - 2013-08-22 09:17 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-01 18:11 - 2013-08-22 09:05 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 16:08 - 2014-04-04 09:08 - 00000000 ____D () C:\WINDOWS\Panther
2015-03-01 16:02 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-01 15:53 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-01 15:27 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-01 15:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-01 15:18 - 2014-11-30 13:32 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-01 15:14 - 2014-11-30 22:52 - 00080967 _____ () C:\WINDOWS\modules.log
2015-03-01 15:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-01 15:12 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-03-01 15:11 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-01 15:11 - 2013-08-22 07:21 - 00000000 ___HD () C:\Users\Default

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\Quarantine.exe
C:\Users\Esther\AppData\Local\Temp\sqlite3.dll
C:\Users\Esther\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:06

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by Esther at 2015-03-02 08:29:58
Running from C:\Users\Esther\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Benutzerhandbücher (Version: 3.0.0.3 - Lenovo) Hidden
CCSDK (HKLM\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
FolioCase (HKLM\...\InstallShield_{1979BBD9-9327-44F8-B593-515B29BE9BAB}) (Version: 1.00.0002 - Lenovo)
FolioCase (Version: 1.00.0002 - Lenovo) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.11 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo SHAREit (HKLM\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Updates (HKLM\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.1.0.61 - Lenovo)
Lenovo Updates (Version: 1.1.0.61 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.11.14.7251 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
Metric Collection SDK 35 (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{53D8DB49-A741-406E-B09C-8676FB05AE79}) (Version: 9.0.5.9 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.65.40919 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.65.40919 - Ihr Firmenname) Hidden
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.01.0243 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
UESDK (HKLM\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4F4A46A1-5A30-491A-A079-C903BFDFD6FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {9CA580F7-43E8-44C8-BC9A-BB7866629E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {AAB4EBBA-CC83-47B7-B1CE-73E806703F2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {C72915FA-3C9B-4DF1-93C9-D9DC6A751D1D} - System32\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {D61E6A09-AD21-4A24-B5EC-B117CE078BBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {DAF43146-E516-48A3-BE31-63B6A7685179} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-03-01] (Lenovo)
Task: {E9E3F333-396B-4A82-A19E-7CCC3911D571} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-30 13:12 - 2014-09-10 15:24 - 00161496 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2014-11-30 13:32 - 2014-11-30 13:32 - 00054544 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-11-30 13:32 - 2014-11-30 13:32 - 00510224 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2015-03-01 16:36 - 2015-02-26 05:14 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.11\libglesv2.dll
2015-03-01 16:36 - 2015-02-26 05:14 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.11\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Esther\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Esther\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2447949755-921433259-1447528216-500 - Administrator - Disabled)
Esther (S-1-5-21-2447949755-921433259-1447528216-1001 - Administrator - Enabled) => C:\Users\Esther
Gast (S-1-5-21-2447949755-921433259-1447528216-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2447949755-921433259-1447528216-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/02/2015 08:30:46 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:30:16 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:29:46 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:29:16 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:28:45 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:28:15 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:27:45 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:27:15 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:26:45 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/02/2015 08:26:15 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 63%
Total physical RAM: 1986.59 MB
Available physical RAM: 732.82 MB
Total Pagefile: 2498.59 MB
Available Pagefile: 831.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.42 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:22.6 GB) (Free:16.3 GB) NTFS
Drive d: () (Removable) (Total:29.71 GB) (Free:26.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 1A560338)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

EsleTra 02.03.2015 09:21
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Esther (administrator) on LENOVO-PC on 02-03-2015 08:28:09
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\msc\McAPExe.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LU.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-25] (Intel Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-09-10] ()
S2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-06-14] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-25] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-25] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-25] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-07-29] (Lenovo) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-06-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [286136 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-12] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-27] (Intel Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-25] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-25] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-25] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-25] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-25] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-06-25] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-05] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-22] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-03-22] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-22] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-07-16] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-16] (Intel Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [59728 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-06-27] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-03-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-06-03] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-08-07] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-09-11] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 08:21 - 2015-03-02 08:21 - 00000761 _____ () C:\Users\Esther\Desktop\JRT.txt
2015-03-02 08:12 - 2015-03-02 08:12 - 01388333 _____ (Thisisu) C:\Users\Esther\Downloads\JRT.exe
2015-03-02 08:03 - 2015-03-02 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-02 07:55 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-02 07:47 - 2015-03-02 07:47 - 00001114 _____ () C:\Users\Esther\Desktop\mbam.txt
2015-03-02 07:37 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-03-02 07:35 - 2015-03-02 07:56 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 07:34 - 2015-03-02 07:34 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 07:34 - 2015-03-02 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 07:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 07:29 - 2015-03-02 07:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Esther\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 07:26 - 2015-03-02 07:26 - 00001249 _____ () C:\Users\Esther\Desktop\Revo Uninstaller.lnk
2015-03-02 07:26 - 2015-03-02 07:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-02 07:25 - 2015-03-02 07:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Esther\Downloads\revosetup95.exe
2015-03-02 00:06 - 2015-03-02 00:06 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-03-02 00:06 - 2015-03-02 00:06 - 00000000 _____ () C:\Recovery.txt
2015-03-01 18:02 - 2015-03-01 18:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 18:02 - 2015-01-29 17:49 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-01 16:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-01 16:47 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 16:47 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 16:47 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 16:47 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 16:46 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-01 16:46 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-01 16:46 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-01 16:46 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-01 16:46 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-01 16:46 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 16:46 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-01 16:46 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-01 16:46 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-01 16:46 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-01 16:46 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 16:46 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-01 16:46 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-01 16:46 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-01 16:46 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-01 16:46 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-01 16:46 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-01 16:46 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 16:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-01 16:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-01 16:46 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 16:46 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 16:46 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 16:46 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 16:46 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 16:46 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 16:46 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 16:46 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 16:46 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 16:46 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 16:46 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 16:46 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 16:46 - 2014-10-31 04:12 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 16:46 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-01 16:46 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 16:46 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 16:46 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 16:46 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 16:46 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 16:46 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-01 16:46 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 16:45 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-01 16:44 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-01 16:44 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-01 16:42 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 16:42 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 16:41 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 16:41 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 16:41 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 16:41 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 16:41 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 16:41 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 16:41 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 16:41 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 16:41 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 16:41 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 16:41 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 16:41 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 16:40 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 16:40 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 16:40 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 16:39 - 2014-10-10 03:28 - 00022848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-01 16:39 - 2014-10-08 07:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-01 16:39 - 2014-10-08 07:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-01 16:39 - 2014-10-08 06:16 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-01 16:39 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 16:38 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 16:38 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 16:36 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 16:36 - 2014-09-27 04:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 16:35 - 2014-10-12 09:58 - 00047424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2015-03-01 16:35 - 2014-09-10 07:18 - 00333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 01858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 16:35 - 2014-09-07 23:07 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-01 16:35 - 2014-09-04 23:29 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-01 16:35 - 2014-09-04 23:20 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-01 16:35 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 16:35 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-01 16:35 - 2014-09-04 01:11 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2015-03-01 16:35 - 2014-09-04 01:00 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 16:35 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-01 16:35 - 2014-08-31 00:00 - 00120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 16:35 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-01 16:35 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 16:35 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 16:35 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 16:35 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 16:35 - 2014-08-23 05:47 - 02151936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 16:35 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 16:35 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-01 16:35 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-01 16:35 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-01 16:33 - 2014-10-18 09:49 - 00048496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-01 16:33 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-01 16:33 - 2014-10-18 08:25 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-01 16:33 - 2014-10-18 07:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-01 16:33 - 2014-10-18 07:16 - 02946560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-01 16:33 - 2014-10-18 07:12 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-01 16:33 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-01 16:33 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-01 16:33 - 2014-10-18 07:08 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-01 16:32 - 2014-09-22 03:40 - 00219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-01 16:32 - 2014-09-22 03:40 - 00084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-01 16:32 - 2014-09-22 03:39 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-01 16:32 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-01 16:31 - 2014-08-29 02:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-01 16:31 - 2014-08-29 01:59 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-01 16:31 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-01 16:31 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 16:31 - 2014-08-16 04:08 - 00863528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 16:31 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 16:31 - 2014-08-16 01:39 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 16:31 - 2014-08-16 01:35 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 16:31 - 2014-08-16 01:31 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 16:31 - 2014-08-16 01:30 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 16:31 - 2014-08-16 01:29 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 16:31 - 2014-08-16 01:23 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 16:31 - 2014-08-16 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 16:31 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-01 16:31 - 2014-08-16 01:15 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 16:31 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 16:31 - 2014-08-16 01:11 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 16:31 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 16:31 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-01 16:31 - 2014-08-16 01:05 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 16:31 - 2014-07-24 14:48 - 00376128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-03-01 16:31 - 2014-07-24 11:43 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-01 16:31 - 2014-07-24 11:42 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-03-01 16:31 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-03-01 16:28 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 16:27 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 16:25 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-01 16:25 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 16:25 - 2014-08-23 05:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 16:25 - 2014-08-15 00:35 - 00122688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-03-01 16:25 - 2014-07-30 02:57 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-03-01 16:25 - 2014-07-29 06:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-03-01 16:24 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 16:23 - 2014-08-07 00:36 - 01090280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-01 16:23 - 2014-08-02 01:15 - 00976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 16:22 - 2014-07-15 18:07 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 16:22 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 16:22 - 2014-07-15 08:55 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 16:22 - 2014-07-12 04:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 16:21 - 2014-06-20 01:36 - 00805136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-03-01 16:21 - 2014-06-13 01:10 - 01326936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-03-01 16:21 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-03-01 16:21 - 2014-06-04 09:22 - 00107352 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-01 16:21 - 2014-06-04 05:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-01 16:06 - 2015-03-01 16:06 - 00001048 _____ () C:\Users\Esther\Desktop\Notepad++.lnk
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files\Notepad++
2015-03-01 16:05 - 2015-03-01 16:05 - 07965917 _____ () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-03-01 16:02 - 2015-03-01 16:27 - 00000000 ____D () C:\Users\Esther\Desktop\VuPlus EMM
2015-03-01 16:02 - 2014-05-19 06:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 16:02 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 15:55 - 2015-03-01 15:55 - 00002581 _____ () C:\Users\Esther\Desktop\(1) WhatsApp Web.lnk
2015-03-01 15:48 - 2015-03-01 15:52 - 00000000 ____D () C:\AdwCleaner
2015-03-01 15:48 - 2015-03-01 15:48 - 02126848 _____ () C:\Users\Esther\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:41 - 2015-03-01 15:43 - 00014501 _____ () C:\Users\Esther\Downloads\Addition.txt
2015-03-01 15:40 - 2015-03-02 08:29 - 00018508 _____ () C:\Users\Esther\Downloads\FRST.txt
2015-03-01 15:40 - 2015-03-02 08:28 - 00000000 ____D () C:\FRST
2015-03-01 15:39 - 2015-03-01 15:39 - 01132032 _____ (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-03-01 15:35 - 2015-03-01 15:35 - 00002983 _____ () C:\Users\Esther\Desktop\Google hängt _trackid=sp-006 - Trojaner-Board.lnk
2015-03-01 15:32 - 2015-03-01 15:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job
2015-03-01 15:28 - 2015-03-01 16:36 - 00002152 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-01 15:28 - 2015-03-01 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-01 15:27 - 2015-03-02 07:56 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Google
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Program Files\Google
2015-03-01 15:27 - 2015-03-01 15:27 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\LU
2015-03-01 15:20 - 2015-03-02 07:56 - 00000000 ___DO () C:\Users\Esther\OneDrive
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieUserList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieSiteList
2015-03-01 15:18 - 2015-03-01 15:18 - 00000000 ____D () C:\Users\Esther\AppData\Local\Lenovo
2015-03-01 15:16 - 2015-03-01 15:16 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Macromedia
2015-03-01 15:15 - 2015-03-01 15:15 - 00000000 ____D () C:\Users\Esther\AppData\Local\PackageStaging
2015-03-01 15:14 - 2015-03-01 15:20 - 00000000 ____D () C:\Users\Esther
2015-03-01 15:14 - 2015-03-01 15:14 - 00001461 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 15:14 - 2015-03-01 15:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 15:14 - 2015-03-01 15:14 - 00000020 ___SH () C:\Users\Esther\ntuser.ini
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Startmenü
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Netzwerkumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Druckumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Musik
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Bilder
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Local\Verlauf
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Adobe
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Local\VirtualStore
2015-03-01 15:14 - 2014-11-30 21:29 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 15:14 - 2014-11-30 21:21 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 15:14 - 2014-11-30 13:29 - 00000000 ____D () C:\Users\Esther\AppData\Local\Pokki
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 15:12 - 2015-03-02 08:21 - 01393289 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-01 15:10 - 2015-03-01 15:10 - 00000468 _____ () C:\WINDOWS\DtcInstall.log
2015-03-01 15:07 - 2015-03-02 07:54 - 00001317 _____ () C:\WINDOWS\setupact.log
2015-03-01 15:07 - 2015-03-01 15:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-01 15:06 - 2015-03-02 07:54 - 00002994 _____ () C:\WINDOWS\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 08:02 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 07:59 - 2014-03-18 08:50 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-02 07:55 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-02 07:54 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\McAfee
2015-03-02 07:54 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 07:54 - 2013-08-22 08:22 - 00335600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-02 07:53 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-02 07:53 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-02 07:38 - 2014-11-30 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 07:36 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 07:35 - 2013-08-22 09:17 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-02 00:06 - 2013-08-22 09:17 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-01 18:11 - 2013-08-22 09:05 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 16:08 - 2014-04-04 09:08 - 00000000 ____D () C:\WINDOWS\Panther
2015-03-01 16:02 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-01 15:53 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-01 15:27 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-01 15:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-01 15:18 - 2014-11-30 13:32 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-01 15:14 - 2014-11-30 22:52 - 00080967 _____ () C:\WINDOWS\modules.log
2015-03-01 15:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-01 15:12 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-03-01 15:11 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-01 15:11 - 2013-08-22 07:21 - 00000000 ___HD () C:\Users\Default

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\Quarantine.exe
C:\Users\Esther\AppData\Local\Temp\sqlite3.dll
C:\Users\Esther\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:06

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


ok habe jetzt herausgefunden das Lenovo dieses Superfish(Bloatware) auf all ihrern Geräten vorinstalliert hat. Denke das ich mir darüber wohl was eingefangen habe.

habe jetzt noch das Zertifikat von Superfish gelöscht hoffe das jetzt alles bereinigt ist.

schrauber 02.03.2015 16:57
Noch Kontrollscans.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

EsleTra 02.03.2015 20:03
Kontrollscanns sind im gange :-)

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fbe4321f61b5a84fb319f6ad3ecc71ef
# engine=22716
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-02 05:55:59
# local_time=2015-03-02 06:55:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 29902 34757 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 39892 15623269 0 0
# scanned=167601
# found=6
# cleaned=0
# scan_time=2481
sh=BA74F32719AA524845F0858E1ED603863873B304 ft=1 fh=ba7b9b70a0dd35f5 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\Run.exe"
sh=EDE269E495845B824738B21E97E34ED8552B838E ft=1 fh=b1f546208637d3c4 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\SuperfishCert.dll"
sh=1FC5CD4A58308AB7A499C6387A9C050F77F0B00F ft=1 fh=84694f440663fdd1 vn="Win32/Adware.SuperFish.F Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VDWFP.sys"
sh=C38BF92AA13F875862D7153A05D16DD8DC3D9180 ft=1 fh=352e9c79faf7d70b vn="Win64/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VDWFP64.sys"
sh=B5D68FE790F0FD30198F7F6C19FA190F561F301E ft=1 fh=dc1f28ed7d578e66 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VDWFPInstaller.exe"
sh=CBCE16CB808A5D36246C1DB8B4E47FDFEA6373FA ft=1 fh=06063ac2c8492491 vn="Variante von Win32/Adware.SuperFish.A Anwendung" ac=I fn="C:\Program Files\Lenovo\VisualDiscovery\VisualDiscovery.exe"

Jedes mal wenn ich das eset durch laufen lasse kann ich mi dem PC nix mehr antworten

Results of screen317's Security Check version 0.99.96
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Google Chrome (40.0.2214.115)
Google Chrome (42.0.2311.11)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
AVAST Software Avast ng vbox\aswFe.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 02.03.2015
Suchlauf-Zeit: 19:32:07
Logdatei: mbam1.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.02.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: Esther

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 300555
Verstrichene Zeit: 17 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Esther (administrator) on LENOVO-PC on 02-03-2015 19:20:53
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Lenovo\CCSDK\WinGather.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\AppVShNotify.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo

schrauber 03.03.2015 08:16
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files\Lenovo\VisualDiscovery
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



frisches FRST log bitte. Noch Probleme?

EsleTra 03.03.2015 10:30
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Esther (administrator) on LENOVO-PC on 03-03-2015 10:12:47
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther &  (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-25] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-03-02] (AVAST Software)
Startup: C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=lenovo&m=start
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=lenovo&m=start
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2447949755-921433259-1447528216-1001 -> {26E400EB-FF76-4A9F-88BD-9BD17C9EC864} URL =
SearchScopes: HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {26E400EB-FF76-4A9F-88BD-9BD17C9EC864} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\Root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\Root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Avast Online Security) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-02]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-03-02] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-03-02] (Avast Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-09-10] ()
S2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1490104 2014-01-02] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-06-14] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-25] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-25] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-25] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-07-29] (Lenovo) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-06-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-12] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-03-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-03-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2015-03-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-03-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-03-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-03-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2015-03-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-03-02] ()
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-27] (Intel Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-25] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-25] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-25] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-25] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-25] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-06-25] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-05] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-22] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-03-22] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-22] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-07-16] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-16] (Intel Corporation)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-06-27] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-03-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-06-03] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-08-07] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-09-11] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-03-02] (Avast Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 20:13 - 2015-03-02 20:13 - 05977528 _____ (Lenovo Inc.) C:\Users\Esther\Downloads\Lenovo.SuperFishRemovalTool.exe
2015-03-02 19:52 - 2015-03-02 19:52 - 00001190 _____ () C:\Users\Esther\Desktop\mbam1.txt
2015-03-02 19:13 - 2015-03-02 19:13 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieBrowserModeList
2015-03-02 19:05 - 2015-03-02 19:05 - 00852594 _____ () C:\Users\Esther\Downloads\SecurityCheck.exe
2015-03-02 17:41 - 2015-03-02 17:42 - 02347384 _____ (ESET) C:\Users\Esther\Downloads\esetsmartinstaller_deu.exe
2015-03-02 10:57 - 2015-03-02 10:57 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-03-02 10:52 - 2015-03-02 10:52 - 00000000 __RHD () C:\MSOCache
2015-03-02 10:50 - 2015-03-02 10:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-02 10:47 - 2015-03-02 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-02 10:46 - 2015-03-02 10:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-02 10:41 - 2015-03-02 10:41 - 00000247 _____ () C:\WINDOWS\system32\2015-03-02-09-41-12.089-aswFe.exe-3568.log
2015-03-02 10:40 - 2015-03-02 10:40 - 00000197 _____ () C:\WINDOWS\system32\2015-03-02-09-40-56.010-AvastVBoxSVC.exe-1428.log
2015-03-02 10:31 - 2015-03-02 19:55 - 00000000 ___RD () C:\Users\Esther\Dropbox
2015-03-02 10:31 - 2015-03-02 10:31 - 00001191 _____ () C:\Users\Esther\Desktop\Dropbox.lnk
2015-03-02 10:29 - 2015-03-02 10:29 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-02 10:27 - 2015-03-02 19:55 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Dropbox
2015-03-02 10:25 - 2015-03-02 10:25 - 00000247 _____ () C:\WINDOWS\system32\2015-03-02-09-25-42.019-aswFe.exe-8056.log
2015-03-02 10:25 - 2015-03-02 10:25 - 00000197 _____ () C:\WINDOWS\system32\2015-03-02-09-25-37.055-AvastVBoxSVC.exe-1552.log
2015-03-02 10:22 - 2015-03-02 10:22 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\AVAST Software
2015-03-02 10:19 - 2015-03-02 10:19 - 00002144 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-02 10:19 - 2015-03-02 10:19 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-03-02 10:19 - 2015-03-02 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-02 10:18 - 2015-03-02 10:18 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-03-02 10:18 - 2015-03-02 10:18 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00091496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00081768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-03-02 10:18 - 2015-03-02 10:18 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-03-02 10:17 - 2015-03-02 10:17 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-02 10:16 - 2015-03-02 10:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-02 10:13 - 2015-03-02 10:16 - 132469808 _____ (AVAST Software) C:\Users\Esther\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-03-02 09:18 - 2015-03-02 09:18 - 00447720 _____ () C:\WINDOWS\Minidump\030215-17984-01.dmp
2015-03-02 09:18 - 2015-03-02 09:18 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-02 08:21 - 2015-03-02 08:21 - 00000761 _____ () C:\Users\Esther\Desktop\JRT.txt
2015-03-02 08:12 - 2015-03-02 08:12 - 01388333 _____ (Thisisu) C:\Users\Esther\Downloads\JRT.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-02 07:47 - 2015-03-02 07:47 - 00001114 _____ () C:\Users\Esther\Desktop\mbam.txt
2015-03-02 07:35 - 2015-03-02 19:54 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 07:34 - 2015-03-02 07:34 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 07:34 - 2015-03-02 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 07:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 07:29 - 2015-03-02 07:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Esther\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 07:26 - 2015-03-02 07:26 - 00001249 _____ () C:\Users\Esther\Desktop\Revo Uninstaller.lnk
2015-03-02 07:26 - 2015-03-02 07:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-02 07:25 - 2015-03-02 07:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Esther\Downloads\revosetup95.exe
2015-03-02 00:06 - 2015-03-02 00:06 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-03-02 00:06 - 2015-03-02 00:06 - 00000000 _____ () C:\Recovery.txt
2015-03-01 18:02 - 2015-03-01 18:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 18:02 - 2015-01-29 17:49 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-01 16:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-01 16:47 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 16:47 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 16:47 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 16:47 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 16:46 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-01 16:46 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-01 16:46 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-01 16:46 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-01 16:46 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-01 16:46 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 16:46 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-01 16:46 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-01 16:46 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-01 16:46 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-01 16:46 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 16:46 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-01 16:46 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-01 16:46 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-01 16:46 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-01 16:46 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-01 16:46 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-01 16:46 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 16:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-01 16:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-01 16:46 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 16:46 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 16:46 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 16:46 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 16:46 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 16:46 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 16:46 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 16:46 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 16:46 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 16:46 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 16:46 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 16:46 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 16:46 - 2014-10-31 04:12 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 16:46 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-01 16:46 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 16:46 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 16:46 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 16:46 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 16:46 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 16:46 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-01 16:46 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 16:45 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-01 16:44 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-01 16:44 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-01 16:42 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 16:42 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 16:41 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 16:41 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 16:41 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 16:41 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 16:41 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 16:41 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 16:41 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 16:41 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 16:41 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 16:41 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 16:41 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 16:41 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 16:40 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 16:40 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 16:40 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 16:39 - 2014-10-10 03:28 - 00022848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-01 16:39 - 2014-10-08 07:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-01 16:39 - 2014-10-08 07:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-01 16:39 - 2014-10-08 06:16 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-01 16:39 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 16:38 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 16:38 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 16:36 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 16:36 - 2014-09-27 04:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 16:35 - 2014-10-12 09:58 - 00047424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2015-03-01 16:35 - 2014-09-10 07:18 - 00333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 01858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 16:35 - 2014-09-07 23:07 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-01 16:35 - 2014-09-04 23:29 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-01 16:35 - 2014-09-04 23:20 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-01 16:35 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 16:35 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-01 16:35 - 2014-09-04 01:11 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2015-03-01 16:35 - 2014-09-04 01:00 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 16:35 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-01 16:35 - 2014-08-31 00:00 - 00120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 16:35 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-01 16:35 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 16:35 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 16:35 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 16:35 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 16:35 - 2014-08-23 05:47 - 02151936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 16:35 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 16:35 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-01 16:35 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-01 16:35 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-01 16:33 - 2014-10-18 09:49 - 00048496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-01 16:33 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-01 16:33 - 2014-10-18 08:25 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-01 16:33 - 2014-10-18 07:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-01 16:33 - 2014-10-18 07:16 - 02946560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-01 16:33 - 2014-10-18 07:12 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-01 16:33 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-01 16:33 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-01 16:33 - 2014-10-18 07:08 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-01 16:32 - 2014-09-22 03:40 - 00219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-01 16:32 - 2014-09-22 03:40 - 00084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-01 16:32 - 2014-09-22 03:39 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-01 16:32 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-01 16:31 - 2014-08-29 02:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-01 16:31 - 2014-08-29 01:59 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-01 16:31 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-01 16:31 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 16:31 - 2014-08-16 04:08 - 00863528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 16:31 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 16:31 - 2014-08-16 01:39 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 16:31 - 2014-08-16 01:35 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 16:31 - 2014-08-16 01:31 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 16:31 - 2014-08-16 01:30 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 16:31 - 2014-08-16 01:29 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 16:31 - 2014-08-16 01:23 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 16:31 - 2014-08-16 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 16:31 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-01 16:31 - 2014-08-16 01:15 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 16:31 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 16:31 - 2014-08-16 01:11 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 16:31 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 16:31 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-01 16:31 - 2014-08-16 01:05 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 16:31 - 2014-07-24 14:48 - 00376128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-03-01 16:31 - 2014-07-24 11:43 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-01 16:31 - 2014-07-24 11:42 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-03-01 16:31 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-03-01 16:28 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 16:27 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 16:25 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-01 16:25 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 16:25 - 2014-08-23 05:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 16:25 - 2014-08-15 00:35 - 00122688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-03-01 16:25 - 2014-07-30 02:57 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-03-01 16:25 - 2014-07-29 06:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-03-01 16:24 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 16:23 - 2014-08-07 00:36 - 01090280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-01 16:23 - 2014-08-02 01:15 - 00976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 16:22 - 2014-07-15 18:07 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 16:22 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 16:22 - 2014-07-15 08:55 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 16:22 - 2014-07-12 04:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 16:21 - 2014-06-20 01:36 - 00805136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-03-01 16:21 - 2014-06-13 01:10 - 01326936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-03-01 16:21 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-03-01 16:21 - 2014-06-04 09:22 - 00107352 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-01 16:21 - 2014-06-04 05:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-01 16:06 - 2015-03-01 16:06 - 00001048 _____ () C:\Users\Esther\Desktop\Notepad++.lnk
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files\Notepad++
2015-03-01 16:05 - 2015-03-01 16:05 - 07965917 _____ () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-03-01 16:02 - 2015-03-01 16:27 - 00000000 ____D () C:\Users\Esther\Desktop\VuPlus EMM
2015-03-01 16:02 - 2014-05-19 06:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 16:02 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 15:55 - 2015-03-01 15:55 - 00002581 _____ () C:\Users\Esther\Desktop\(1) WhatsApp Web.lnk
2015-03-01 15:48 - 2015-03-01 15:52 - 00000000 ____D () C:\AdwCleaner
2015-03-01 15:48 - 2015-03-01 15:48 - 02126848 _____ () C:\Users\Esther\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:41 - 2015-03-02 08:31 - 00012442 _____ () C:\Users\Esther\Downloads\Addition.txt
2015-03-01 15:40 - 2015-03-03 10:12 - 00021148 _____ () C:\Users\Esther\Downloads\FRST.txt
2015-03-01 15:40 - 2015-03-03 10:12 - 00000000 ____D () C:\FRST
2015-03-01 15:39 - 2015-03-01 15:39 - 01132032 _____ (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-03-01 15:32 - 2015-03-01 15:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job
2015-03-01 15:28 - 2015-03-01 16:36 - 00002152 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-01 15:28 - 2015-03-01 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-01 15:27 - 2015-03-02 19:54 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Google
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Program Files\Google
2015-03-01 15:27 - 2015-03-01 15:27 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\LU
2015-03-01 15:20 - 2015-03-02 19:54 - 00000000 ___DO () C:\Users\Esther\OneDrive
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieUserList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieSiteList
2015-03-01 15:18 - 2015-03-01 15:18 - 00000000 ____D () C:\Users\Esther\AppData\Local\Lenovo
2015-03-01 15:16 - 2015-03-01 15:16 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Macromedia
2015-03-01 15:15 - 2015-03-01 15:15 - 00000000 ____D () C:\Users\Esther\AppData\Local\PackageStaging
2015-03-01 15:14 - 2015-03-02 10:37 - 00000000 ____D () C:\Users\Esther
2015-03-01 15:14 - 2015-03-01 15:14 - 00001461 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 15:14 - 2015-03-01 15:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 15:14 - 2015-03-01 15:14 - 00000020 ___SH () C:\Users\Esther\ntuser.ini
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Startmenü
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Netzwerkumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Druckumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Musik
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Bilder
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Local\Verlauf
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Adobe
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Local\VirtualStore
2015-03-01 15:14 - 2014-11-30 21:29 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 15:14 - 2014-11-30 21:21 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 15:14 - 2014-11-30 13:29 - 00000000 ____D () C:\Users\Esther\AppData\Local\Pokki
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 15:12 - 2015-03-03 08:23 - 01353657 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-01 15:10 - 2015-03-01 15:10 - 00000468 _____ () C:\WINDOWS\DtcInstall.log
2015-03-01 15:07 - 2015-03-02 10:37 - 00001549 _____ () C:\WINDOWS\setupact.log
2015-03-01 15:07 - 2015-03-01 15:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-01 15:06 - 2015-03-02 10:37 - 00007950 _____ () C:\WINDOWS\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 09:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 20:13 - 2014-11-30 13:12 - 00000000 ____D () C:\Program Files\Lenovo
2015-03-02 19:50 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-02 11:03 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-02 10:50 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-02 10:50 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-02 10:49 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-02 10:44 - 2014-03-18 08:50 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-02 10:37 - 2014-11-30 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 10:37 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 10:37 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-02 10:37 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 10:35 - 2013-08-22 09:17 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-02 10:33 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-03-02 07:54 - 2013-08-22 08:22 - 00335600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-02 07:53 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-02 00:06 - 2013-08-22 09:17 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-01 18:11 - 2013-08-22 09:05 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 16:08 - 2014-04-04 09:08 - 00000000 ____D () C:\WINDOWS\Panther
2015-03-01 15:53 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-01 15:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-01 15:18 - 2014-11-30 13:32 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-01 15:14 - 2014-11-30 22:52 - 00080967 _____ () C:\WINDOWS\modules.log
2015-03-01 15:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-01 15:11 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-01 15:11 - 2013-08-22 07:21 - 00000000 ___HD () C:\Users\Default

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\0267071425288768mcinst.exe
C:\Users\Esther\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfbfut.dll
C:\Users\Esther\AppData\Local\Temp\Quarantine.exe
C:\Users\Esther\AppData\Local\Temp\SetupO365HomePremRetail.x86.de-DE_O365HomePremRetail_GFC9N-KKFBB-RGDM7-3PMDC-D67JR_act_1_.exe
C:\Users\Esther\AppData\Local\Temp\sqlite3.dll
C:\Users\Esther\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:06

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by Esther at 2015-03-03 10:17:29 Run:1
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther & (Available profiles: Esther)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Mercan\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Mercan\Downloads\Shockwave_Installer_Slim(1).exe
*****************

"C:\Users\Mercan\Downloads\Shockwave_Installer_Slim.exe" => File/Directory not found.
"C:\Users\Mercan\Downloads\Shockwave_Installer_Slim(1).exe" => File/Directory not found.

==== End of Fixlog 10:17:29 ====

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by Esther at 2015-03-03 10:26:42 Run:2
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\Lenovo\VisualDiscovery
Emptytemp:
*****************

"C:\Program Files\Lenovo\VisualDiscovery" => File/Directory not found.
EmptyTemp: => Removed 183.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:26:56 ====

schrauber 03.03.2015 16:29
Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Noch Probleme?

EsleTra 03.03.2015 18:16
So Google Chrome hat sich nicht mehr installieren lassen, da stand das es eine neuere Version auf dem PC gibt.
Habe es jetzt 10 mal versucht. Auch von der Google Chrom Web Site.
Habe jetzt Opra drauf.[IMG]http://img4.fotos-hochladen.net/uplo...uptimj6ngb.png[/IMG]

Da steht:"Dieser Computer verfügt bereits über eine neue Version der Google Chrome-Komponenten. Bitte vernden Sie einen neuen Installer."

schrauber 04.03.2015 08:42
Hab ich schon erwähnt dass ich diesen scheiss Chrome Browser hasse??? Jedesmal der gleiche Scheiss mit dem Ding.

Frisches FRST log bitte.

EsleTra 04.03.2015 09:20
Hatte den nur drauf weil ich das mit dem Whatsapp auf dem PC haben wollte. Jetzt läuft Opra. Finde mich zwar noch nicht so zurecht damit aber wird schon. Bin gerade nicht am PC werde aber eine frische LOG nachher Hochladen.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Esther (administrator) on LENOVO-PC on 04-03-2015 09:17:35
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
() C:\Program Files\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x86__8wekyb3d8bbwe\onenoteim.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LU.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
() C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Google Inc.) C:\Users\Esther\Downloads\ChromeSetup.exe
(Google Inc.) C:\Users\Esther\AppData\Local\Temp\GUMCD70.tmp\GoogleUpdate.exe
(Google Inc.) C:\Users\Esther\AppData\Local\Temp\GUMCD70.tmp\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files\GUME9D2.tmp\GoogleUpdate.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-25] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-03-02] (AVAST Software)
Startup: C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=lenovo&m=start
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2447949755-921433259-1447528216-1001 -> {26E400EB-FF76-4A9F-88BD-9BD17C9EC864} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Avast Online Security) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-02]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-03-02] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-03-02] (Avast Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-09-10] ()
S2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-06-14] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-25] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-25] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-25] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-07-29] (Lenovo) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-06-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-12] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-03-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-03-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2015-03-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-03-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-03-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-03-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2015-03-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-03-02] ()
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-27] (Intel Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-25] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-25] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-25] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-25] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-25] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-06-25] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-05] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-22] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-03-22] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-22] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-07-16] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-16] (Intel Corporation)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-06-27] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-03-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-06-03] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-08-07] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-09-11] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-03-02] (Avast Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 08:19 - 2015-03-04 08:45 - 00059224 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-04 07:57 - 2015-03-04 07:57 - 00001189 _____ () C:\Users\Esther\Desktop\mbam2.txt
2015-03-03 17:54 - 2015-03-03 17:54 - 06103040 _____ () C:\Program Files\GUTE9E3.tmp
2015-03-03 17:54 - 2015-03-03 17:54 - 00880208 _____ (Google Inc.) C:\Users\Esther\Downloads\ChromeSetup.exe
2015-03-03 17:54 - 2015-03-03 17:54 - 00000000 ____D () C:\Program Files\GUME9D2.tmp
2015-03-03 17:37 - 2015-03-03 17:37 - 00000988 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-03 17:37 - 2015-03-03 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-03 17:37 - 2015-03-03 17:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-03 17:28 - 2015-03-03 17:28 - 00001116 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-03-03 17:28 - 2015-03-03 17:28 - 00001116 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-03 17:28 - 2015-03-03 17:28 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Opera Software
2015-03-03 17:28 - 2015-03-03 17:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Opera Software
2015-03-03 17:27 - 2015-03-03 17:28 - 00000000 ____D () C:\Program Files\Opera
2015-03-03 17:26 - 2015-03-03 17:26 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z
2015-03-03 17:25 - 2015-03-03 17:25 - 04813544 _____ (Piriform Ltd) C:\Users\Esther\Downloads\CCleanerSetup.exe
2015-03-03 17:19 - 2015-03-03 17:56 - 00000000 ____D () C:\Program Files\Google
2015-03-03 17:19 - 2015-03-03 17:19 - 00000000 ____D () C:\Users\Esther\AppData\Local\Deployment
2015-03-03 17:19 - 2015-03-03 17:19 - 00000000 ____D () C:\Users\Esther\AppData\Local\Apps\2.0
2015-03-03 17:09 - 2015-03-03 17:09 - 42628176 _____ (Google Inc.) C:\Users\Esther\Downloads\ChromeStandaloneSetup.exe
2015-03-03 16:41 - 2015-03-03 16:41 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-03 16:41 - 2015-03-03 16:41 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-03 10:45 - 2014-07-24 14:50 - 01371176 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-03-03 10:45 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-03-03 10:45 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-03-03 10:45 - 2014-07-24 14:48 - 00362304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-03-03 10:45 - 2014-07-24 14:48 - 00338240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-03-03 10:45 - 2014-07-24 14:48 - 00211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-03-03 10:45 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2015-03-03 10:45 - 2014-07-24 14:48 - 00111424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-03-03 10:45 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-03 10:45 - 2014-07-24 14:40 - 01678656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-03-03 10:45 - 2014-07-24 14:39 - 01390448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-03-03 10:45 - 2014-07-24 14:39 - 01281440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-03-03 10:45 - 2014-07-24 14:39 - 01271096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-03-03 10:45 - 2014-07-24 14:39 - 01168344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-03-03 10:45 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-03-03 10:45 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-03-03 10:45 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-03-03 10:45 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2015-03-03 10:45 - 2014-07-24 11:46 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2015-03-03 10:45 - 2014-07-24 11:45 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-03-03 10:45 - 2014-07-24 11:44 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-03-03 10:45 - 2014-07-24 11:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2015-03-03 10:45 - 2014-07-24 11:43 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2015-03-03 10:45 - 2014-07-24 11:43 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2015-03-03 10:45 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-03-03 10:45 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2015-03-03 10:45 - 2014-07-24 11:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2015-03-03 10:45 - 2014-07-24 10:55 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2015-03-03 10:45 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-03-03 10:45 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2015-03-03 10:45 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-03-03 10:45 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2015-03-03 10:45 - 2014-07-24 10:23 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2015-03-03 10:45 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-03-03 10:45 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-03-03 10:45 - 2014-07-24 10:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2015-03-03 10:45 - 2014-07-24 09:44 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-03-03 10:45 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2015-03-03 10:45 - 2014-07-24 09:40 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2015-03-03 10:45 - 2014-07-24 09:39 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2015-03-03 10:45 - 2014-07-24 09:32 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-03-03 10:45 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2015-03-03 10:45 - 2014-07-24 09:29 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2015-03-03 10:45 - 2014-07-24 09:29 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2015-03-03 10:45 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-03-03 10:45 - 2014-07-24 09:27 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-03-03 10:45 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2015-03-03 10:45 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2015-03-03 10:45 - 2014-07-24 09:16 - 01313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-03-03 10:45 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2015-03-03 10:45 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-03-03 10:45 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-03-03 10:45 - 2014-07-24 09:05 - 00535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-03-03 10:45 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2015-03-03 10:45 - 2014-07-24 09:04 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2015-03-03 10:45 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2015-03-03 10:45 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2015-03-03 10:45 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-03-03 10:45 - 2014-07-24 08:23 - 01222144 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-03-03 10:45 - 2014-07-24 05:13 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2015-03-03 10:45 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2015-03-03 10:45 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2015-03-03 10:45 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2015-03-03 10:45 - 2014-06-27 06:31 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-03-03 10:45 - 2014-06-26 01:32 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2015-03-03 10:45 - 2014-06-20 00:41 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-03-03 10:45 - 2014-06-19 01:56 - 00264512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2015-03-03 10:45 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2015-03-03 10:45 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-03-03 10:45 - 2014-06-05 13:59 - 00869720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-03 10:45 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2015-03-03 10:45 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2015-03-03 10:45 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2015-03-03 10:45 - 2014-05-26 08:16 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-03-03 10:45 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-03-03 10:45 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-03-03 10:45 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2015-03-03 10:45 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2015-03-03 10:44 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2015-03-03 10:44 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2015-03-03 10:44 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2015-03-03 10:44 - 2014-07-24 11:42 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-03-03 10:44 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2015-03-03 10:44 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-03-03 10:44 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2015-03-03 10:44 - 2014-07-24 09:51 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2015-03-03 10:44 - 2014-07-24 09:49 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2015-03-03 10:44 - 2014-07-24 09:39 - 00178176 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2015-03-03 10:44 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2015-03-03 10:44 - 2014-07-24 09:06 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-03-03 10:44 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-03-03 10:44 - 2014-07-04 13:05 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2015-03-03 10:44 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-03-03 10:35 - 2015-02-04 00:43 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-03 10:35 - 2015-02-04 00:08 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-03 10:35 - 2015-02-04 00:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-03 10:35 - 2015-02-03 00:11 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-03 10:35 - 2015-02-03 00:11 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-03 10:35 - 2015-02-03 00:11 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-03 10:35 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-03 10:35 - 2014-12-03 00:09 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-03-03 10:35 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-03 10:35 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-03 10:35 - 2014-10-13 03:37 - 00108864 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-03 10:35 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-03 10:35 - 2014-10-08 07:44 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-03 10:35 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-03 10:35 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-02 20:13 - 2015-03-02 20:13 - 05977528 _____ (Lenovo Inc.) C:\Users\Esther\Downloads\Lenovo.SuperFishRemovalTool.exe
2015-03-02 19:52 - 2015-03-02 19:52 - 00001190 _____ () C:\Users\Esther\Desktop\mbam1.txt
2015-03-02 19:13 - 2015-03-02 19:13 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieBrowserModeList
2015-03-02 19:05 - 2015-03-02 19:05 - 00852594 _____ () C:\Users\Esther\Downloads\SecurityCheck.exe
2015-03-02 17:41 - 2015-03-02 17:42 - 02347384 _____ (ESET) C:\Users\Esther\Downloads\esetsmartinstaller_deu.exe
2015-03-02 10:57 - 2015-03-02 10:57 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-03-02 10:52 - 2015-03-02 10:52 - 00000000 __RHD () C:\MSOCache
2015-03-02 10:50 - 2015-03-02 10:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-02 10:47 - 2015-03-02 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-02 10:46 - 2015-03-03 10:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-02 10:41 - 2015-03-02 10:41 - 00000247 _____ () C:\WINDOWS\system32\2015-03-02-09-41-12.089-aswFe.exe-3568.log
2015-03-02 10:40 - 2015-03-02 10:40 - 00000197 _____ () C:\WINDOWS\system32\2015-03-02-09-40-56.010-AvastVBoxSVC.exe-1428.log
2015-03-02 10:31 - 2015-03-03 16:44 - 00000000 ___RD () C:\Users\Esther\Dropbox
2015-03-02 10:31 - 2015-03-02 10:31 - 00001191 _____ () C:\Users\Esther\Desktop\Dropbox.lnk
2015-03-02 10:29 - 2015-03-02 10:29 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-02 10:27 - 2015-03-03 16:44 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Dropbox
2015-03-02 10:25 - 2015-03-02 10:25 - 00000247 _____ () C:\WINDOWS\system32\2015-03-02-09-25-42.019-aswFe.exe-8056.log
2015-03-02 10:25 - 2015-03-02 10:25 - 00000197 _____ () C:\WINDOWS\system32\2015-03-02-09-25-37.055-AvastVBoxSVC.exe-1552.log
2015-03-02 10:22 - 2015-03-02 10:22 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\AVAST Software
2015-03-02 10:19 - 2015-03-02 10:19 - 00002144 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-02 10:19 - 2015-03-02 10:19 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-03-02 10:19 - 2015-03-02 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-02 10:18 - 2015-03-02 10:18 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-03-02 10:18 - 2015-03-02 10:18 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00091496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00081768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-03-02 10:18 - 2015-03-02 10:18 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-03-02 10:17 - 2015-03-02 10:17 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-02 10:16 - 2015-03-02 10:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-02 10:13 - 2015-03-02 10:16 - 132469808 _____ (AVAST Software) C:\Users\Esther\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-03-02 09:18 - 2015-03-03 17:38 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-02 08:21 - 2015-03-02 08:21 - 00000761 _____ () C:\Users\Esther\Desktop\JRT.txt
2015-03-02 08:12 - 2015-03-02 08:12 - 01388333 _____ (Thisisu) C:\Users\Esther\Downloads\JRT.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-02 07:47 - 2015-03-02 07:47 - 00001114 _____ () C:\Users\Esther\Desktop\mbam.txt
2015-03-02 07:35 - 2015-03-04 07:57 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 07:34 - 2015-03-02 07:34 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 07:34 - 2015-03-02 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 07:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 07:29 - 2015-03-02 07:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Esther\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 07:26 - 2015-03-02 07:26 - 00001249 _____ () C:\Users\Esther\Desktop\Revo Uninstaller.lnk
2015-03-02 07:26 - 2015-03-02 07:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-02 07:25 - 2015-03-02 07:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Esther\Downloads\revosetup95.exe
2015-03-02 00:06 - 2015-03-02 00:06 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-03-02 00:06 - 2015-03-02 00:06 - 00000000 _____ () C:\Recovery.txt
2015-03-01 18:02 - 2015-03-01 18:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 18:02 - 2015-01-29 17:49 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-01 16:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-01 16:47 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 16:47 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 16:47 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 16:47 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 16:46 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-01 16:46 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-01 16:46 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-01 16:46 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-01 16:46 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-01 16:46 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 16:46 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-01 16:46 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-01 16:46 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-01 16:46 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 16:46 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-01 16:46 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-01 16:46 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-01 16:46 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-01 16:46 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-01 16:46 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-01 16:46 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 16:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-01 16:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-01 16:46 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 16:46 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 16:46 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 16:46 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 16:46 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 16:46 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 16:46 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 16:46 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 16:46 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 16:46 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 16:46 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 16:46 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 16:46 - 2014-10-31 04:12 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 16:46 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-01 16:46 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 16:46 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 16:46 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 16:46 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 16:46 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 16:46 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-01 16:46 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 16:45 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-01 16:44 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-01 16:44 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-01 16:42 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 16:42 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 16:41 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 16:41 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 16:41 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 16:41 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 16:41 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 16:41 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 16:41 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 16:41 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 16:41 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 16:41 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 16:41 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 16:41 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 16:40 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 16:40 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 16:40 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 16:39 - 2014-10-10 03:28 - 00022848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-01 16:39 - 2014-10-08 07:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-01 16:39 - 2014-10-08 07:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-01 16:39 - 2014-10-08 06:16 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-01 16:39 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 16:38 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 16:38 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 16:36 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 16:36 - 2014-09-27 04:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 16:35 - 2014-10-12 09:58 - 00047424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2015-03-01 16:35 - 2014-09-10 07:18 - 00333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 01858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 16:35 - 2014-09-07 23:07 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-01 16:35 - 2014-09-04 23:29 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-01 16:35 - 2014-09-04 23:20 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-01 16:35 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 16:35 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-01 16:35 - 2014-09-04 01:11 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2015-03-01 16:35 - 2014-09-04 01:00 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 16:35 - 2014-08-31 00:00 - 00120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 16:35 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-01 16:35 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 16:35 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 16:35 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 16:35 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 16:35 - 2014-08-23 05:47 - 02151936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 16:35 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 16:35 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-01 16:35 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-01 16:35 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-01 16:33 - 2014-10-18 09:49 - 00048496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-01 16:33 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-01 16:33 - 2014-10-18 08:25 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-01 16:33 - 2014-10-18 07:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-01 16:33 - 2014-10-18 07:16 - 02946560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-01 16:33 - 2014-10-18 07:12 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-01 16:33 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-01 16:33 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-01 16:33 - 2014-10-18 07:08 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-01 16:32 - 2014-09-22 03:40 - 00219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-01 16:32 - 2014-09-22 03:40 - 00084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-01 16:32 - 2014-09-22 03:39 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-01 16:32 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-01 16:31 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 16:31 - 2014-08-16 04:08 - 00863528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 16:31 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 16:31 - 2014-08-16 01:39 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 16:31 - 2014-08-16 01:35 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 16:31 - 2014-08-16 01:31 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 16:31 - 2014-08-16 01:30 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 16:31 - 2014-08-16 01:29 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 16:31 - 2014-08-16 01:23 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 16:31 - 2014-08-16 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 16:31 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-01 16:31 - 2014-08-16 01:15 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 16:31 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 16:31 - 2014-08-16 01:11 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 16:31 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 16:31 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-01 16:31 - 2014-08-16 01:05 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 16:31 - 2014-07-24 14:48 - 00376128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-03-01 16:31 - 2014-07-24 11:43 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-01 16:31 - 2014-07-24 11:42 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-03-01 16:31 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-03-01 16:28 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 16:27 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 16:25 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-01 16:25 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 16:25 - 2014-08-23 05:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 16:25 - 2014-08-15 00:35 - 00122688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-03-01 16:25 - 2014-07-30 02:57 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-03-01 16:25 - 2014-07-29 06:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-03-01 16:24 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 16:23 - 2014-08-07 00:36 - 01090280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-01 16:23 - 2014-08-02 01:15 - 00976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 16:22 - 2014-07-15 18:07 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 16:22 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 16:22 - 2014-07-15 08:55 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 16:22 - 2014-07-12 04:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 16:21 - 2014-06-20 01:36 - 00805136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-03-01 16:21 - 2014-06-13 01:10 - 01326936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-03-01 16:21 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-03-01 16:06 - 2015-03-01 16:06 - 00001048 _____ () C:\Users\Esther\Desktop\Notepad++.lnk
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files\Notepad++
2015-03-01 16:05 - 2015-03-01 16:05 - 07965917 _____ () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-03-01 16:02 - 2015-03-01 16:27 - 00000000 ____D () C:\Users\Esther\Desktop\VuPlus EMM
2015-03-01 16:02 - 2014-05-19 06:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 16:02 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 15:48 - 2015-03-01 15:52 - 00000000 ____D () C:\AdwCleaner
2015-03-01 15:48 - 2015-03-01 15:48 - 02126848 _____ () C:\Users\Esther\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:41 - 2015-03-02 08:31 - 00012442 _____ () C:\Users\Esther\Downloads\Addition.txt
2015-03-01 15:40 - 2015-03-04 09:17 - 00020792 _____ () C:\Users\Esther\Downloads\FRST.txt
2015-03-01 15:40 - 2015-03-04 09:17 - 00000000 ____D () C:\FRST
2015-03-01 15:39 - 2015-03-01 15:39 - 01132032 _____ (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-03-01 15:32 - 2015-03-03 17:37 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job
2015-03-01 15:27 - 2015-03-04 08:24 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:27 - 2015-03-03 16:49 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Google
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\LU
2015-03-01 15:20 - 2015-03-03 16:43 - 00000000 ___DO () C:\Users\Esther\OneDrive
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieUserList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieSiteList
2015-03-01 15:18 - 2015-03-01 15:18 - 00000000 ____D () C:\Users\Esther\AppData\Local\Lenovo
2015-03-01 15:16 - 2015-03-01 15:16 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Macromedia
2015-03-01 15:15 - 2015-03-01 15:15 - 00000000 ____D () C:\Users\Esther\AppData\Local\PackageStaging
2015-03-01 15:14 - 2015-03-02 10:37 - 00000000 ____D () C:\Users\Esther
2015-03-01 15:14 - 2015-03-01 15:14 - 00001461 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 15:14 - 2015-03-01 15:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 15:14 - 2015-03-01 15:14 - 00000020 ___SH () C:\Users\Esther\ntuser.ini
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Startmenü
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Netzwerkumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Druckumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Musik
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Bilder
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Local\Verlauf
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Adobe
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Local\VirtualStore
2015-03-01 15:14 - 2014-11-30 21:29 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 15:14 - 2014-11-30 21:21 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 15:14 - 2014-11-30 13:29 - 00000000 ____D () C:\Users\Esther\AppData\Local\Pokki
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Dokumente

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 09:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-04 06:52 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-04 04:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-03 17:38 - 2014-04-04 09:08 - 00000000 ____D () C:\WINDOWS\Panther
2015-03-03 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-03 16:47 - 2014-03-18 08:50 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-03 16:42 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-03 16:41 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-03 16:41 - 2014-03-18 08:36 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-03-03 16:41 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-03 16:40 - 2014-11-30 21:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\de-DE
2015-03-03 16:40 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-03 10:54 - 2013-08-22 09:05 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-03 10:52 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-03 10:27 - 2013-08-22 08:22 - 00473904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-02 20:13 - 2014-11-30 13:12 - 00000000 ____D () C:\Program Files\Lenovo
2015-03-02 19:50 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-02 10:49 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-02 10:37 - 2014-11-30 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 10:37 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 10:35 - 2013-08-22 09:17 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-02 10:33 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-02 00:06 - 2013-08-22 09:17 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-01 15:53 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-01 15:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-01 15:18 - 2014-11-30 13:32 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-01 15:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-01 15:11 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-01 15:11 - 2013-08-22 07:21 - 00000000 ___HD () C:\Users\Default

==================== Files in the root of some directories =======

2015-03-03 17:54 - 2015-03-03 17:54 - 6103040 _____ () C:\Program Files\GUTE9E3.tmp

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprikoci.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:06

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 04.03.2015 11:27
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Avast Online Security) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-02]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-02]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Brauchst Du jetzt Chrome nochmal? Wenn ja müssen wir noch die reste suchen und löschen damit er sich wieder installieren lässt.

Wenn nein, bestehen aktuell noch Probleme mit dem System?

EsleTra 04.03.2015 12:25
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by Esther at 2015-03-04 12:18:44 Run:3
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther (Available profiles: Esther)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo3&babsrc=HP_ss&mntrId=B0A9BC05430E79B2", "hxxp://www.giga.de/my_homepage/0022/", "hxxp://isearch.avg.com?cid={CC37F0BC-AA78-474C-A059-8A496B9BA64A}&mid=a9335737799b47d0b6dc016ecee48aac-7a044ede462d0fc8a954fa45c38878beea4ac26d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 13:11:04&v=17.0.1.12&pid=avg&sg=0&sap=hp", "hxxp://homepage-web.com/?s=lenovo&m=start", "hxxp://www.lenovo.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}s ugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Facebook) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-01]
CHR Extension: (GMX MailCheck) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-03-01]
CHR Extension: (Pushbullet) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Avast Online Security) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-02]
CHR Extension: (Google Play) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-02]

*****************

CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.

========================= CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default ========================

"CHR ProC:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default" not found.
====== End Of File: ======

C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => Moved successfully.
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-04 12:20:06)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 12:20:06 ====

Google Chome brauche ich nicht unbedingt. Habe halt ein Googlekonto da sind alle Daten mit dem Handy verbunden.
Komme mit Opra nicht ganz so klar da ich mir dort nicht so einfach die Seiten als Applink erstellen kann wie es im Chrome Browswer war.
Sonst kann ich derzeit keine Probleme feststellen.
Vielen Dank für die Hilfe.
Hätte nicht gedacht das ich mit einem PC Tablet so viele Probleme haben werde :-(
Lg Esther

schrauber 04.03.2015 16:26
Dann bitte frische FRST logs.

EsleTra 05.03.2015 08:37
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Esther (administrator) on LENOVO-PC on 05-03-2015 08:30:26
Running from C:\Users\Esther\Downloads
Loaded Profiles: Esther &  (Available profiles: Esther)
Platform: Microsoft Windows 8.1 mit Bing (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran_cp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\FolioSer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Lenovo) C:\Program Files\Lenovo\FolioCase\ModeTran.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
() C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Dropbox, Inc.) C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lenovo\CCSDK\CCSDK.exe
() C:\Program Files\Lenovo\CCSDK\WinGather.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Lenovo Updates\LU.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Users\Esther\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Lenovo) C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_9e2c4d65e2c1ef06\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\System32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-25] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-03-02] (AVAST Software)
Startup: C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2447949755-921433259-1447528216-1001 -> {26E400EB-FF76-4A9F-88BD-9BD17C9EC864} URL =
SearchScopes: HKU\S-1-5-21-2447949755-921433259-1447528216-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {26E400EB-FF76-4A9F-88BD-9BD17C9EC864} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-03-02] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-03-02] (Avast Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [161496 2014-09-10] ()
R2 CCSDK; C:\Program Files\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2014-06-14] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-25] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-25] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-25] (Intel Corporation)
R2 FOLIOSRV; C:\Program Files\Lenovo\FolioCase\FolioSer.exe [23552 2014-07-29] (Lenovo) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277976 2014-06-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\lenovo\easyplussdk\bin\EPHotspot.exe [439040 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LUService; C:\Program Files\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-12] (Nitro PDF Software)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [54544 2014-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\WINDOWS\system32\DRIVERS\acpials.sys [7680 2014-03-18] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-03-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-03-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2015-03-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-03-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-03-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-03-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2015-03-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-03-02] ()
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BMA2x2Accelerometer; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-27] (Intel Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-25] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-25] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-25] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-25] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-25] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [174080 2014-06-25] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-05] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-22] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2014-03-22] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-22] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [263168 2014-07-16] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-16] (Intel Corporation)
R3 ov2722; C:\WINDOWS\System32\drivers\ov2722.sys [49152 2014-06-27] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2014-03-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [183000 2014-06-03] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [508120 2014-08-07] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [2798808 2014-09-11] (Realtek Semiconductor Corporation                          )
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-03-02] (Avast Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 08:30 - 2015-03-05 08:30 - 00000000 ____D () C:\Users\Esther\Downloads\FRST-OlderVersion
2015-03-04 12:21 - 2015-03-04 12:21 - 00880208 _____ (Google Inc.) C:\Users\Esther\Downloads\ChromeSetup (1).exe
2015-03-04 12:19 - 2015-03-04 12:19 - 00000576 _____ () C:\WINDOWS\PFRO.log
2015-03-04 12:19 - 2015-03-04 12:19 - 00000116 _____ () C:\WINDOWS\setupact.log
2015-03-04 12:19 - 2015-03-04 12:19 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-04 10:56 - 2015-03-04 11:07 - 00000000 ____D () C:\Program Files\Google
2015-03-04 10:56 - 2015-03-04 10:56 - 00880208 _____ (Google Inc.) C:\Users\Esther\Downloads\ChromeSetup.exe
2015-03-04 08:19 - 2015-03-05 08:01 - 00698378 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-04 07:57 - 2015-03-04 07:57 - 00001189 _____ () C:\Users\Esther\Desktop\mbam2.txt
2015-03-03 17:37 - 2015-03-03 17:37 - 00000988 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-03 17:37 - 2015-03-03 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-03 17:37 - 2015-03-03 17:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-03 17:28 - 2015-03-03 17:28 - 00001116 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-03-03 17:28 - 2015-03-03 17:28 - 00001116 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-03 17:28 - 2015-03-03 17:28 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Opera Software
2015-03-03 17:28 - 2015-03-03 17:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Opera Software
2015-03-03 17:27 - 2015-03-04 12:24 - 00000000 ____D () C:\Program Files\Opera
2015-03-03 17:26 - 2015-03-03 17:26 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z
2015-03-03 17:25 - 2015-03-03 17:25 - 04813544 _____ (Piriform Ltd) C:\Users\Esther\Downloads\CCleanerSetup.exe
2015-03-03 17:19 - 2015-03-03 17:19 - 00000000 ____D () C:\Users\Esther\AppData\Local\Deployment
2015-03-03 17:19 - 2015-03-03 17:19 - 00000000 ____D () C:\Users\Esther\AppData\Local\Apps\2.0
2015-03-03 16:41 - 2015-03-03 16:41 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-03 16:41 - 2015-03-03 16:41 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-03 10:45 - 2014-07-24 14:50 - 01371176 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-03-03 10:45 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-03-03 10:45 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-03-03 10:45 - 2014-07-24 14:48 - 00362304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-03-03 10:45 - 2014-07-24 14:48 - 00338240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-03-03 10:45 - 2014-07-24 14:48 - 00211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-03-03 10:45 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2015-03-03 10:45 - 2014-07-24 14:48 - 00111424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-03-03 10:45 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-03 10:45 - 2014-07-24 14:40 - 01678656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-03-03 10:45 - 2014-07-24 14:39 - 01390448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-03-03 10:45 - 2014-07-24 14:39 - 01281440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-03-03 10:45 - 2014-07-24 14:39 - 01271096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-03-03 10:45 - 2014-07-24 14:39 - 01168344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-03-03 10:45 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-03-03 10:45 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-03-03 10:45 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-03-03 10:45 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2015-03-03 10:45 - 2014-07-24 11:46 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2015-03-03 10:45 - 2014-07-24 11:45 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-03-03 10:45 - 2014-07-24 11:44 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-03-03 10:45 - 2014-07-24 11:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2015-03-03 10:45 - 2014-07-24 11:43 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2015-03-03 10:45 - 2014-07-24 11:43 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2015-03-03 10:45 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-03-03 10:45 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2015-03-03 10:45 - 2014-07-24 11:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2015-03-03 10:45 - 2014-07-24 10:55 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2015-03-03 10:45 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-03-03 10:45 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2015-03-03 10:45 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-03-03 10:45 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2015-03-03 10:45 - 2014-07-24 10:23 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2015-03-03 10:45 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-03-03 10:45 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-03-03 10:45 - 2014-07-24 10:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2015-03-03 10:45 - 2014-07-24 09:44 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-03-03 10:45 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2015-03-03 10:45 - 2014-07-24 09:40 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2015-03-03 10:45 - 2014-07-24 09:39 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2015-03-03 10:45 - 2014-07-24 09:32 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-03-03 10:45 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2015-03-03 10:45 - 2014-07-24 09:29 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2015-03-03 10:45 - 2014-07-24 09:29 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2015-03-03 10:45 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-03-03 10:45 - 2014-07-24 09:27 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-03-03 10:45 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2015-03-03 10:45 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2015-03-03 10:45 - 2014-07-24 09:16 - 01313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-03-03 10:45 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2015-03-03 10:45 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-03-03 10:45 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-03-03 10:45 - 2014-07-24 09:05 - 00535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-03-03 10:45 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2015-03-03 10:45 - 2014-07-24 09:04 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2015-03-03 10:45 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2015-03-03 10:45 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2015-03-03 10:45 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-03-03 10:45 - 2014-07-24 08:23 - 01222144 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-03-03 10:45 - 2014-07-24 05:13 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2015-03-03 10:45 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2015-03-03 10:45 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2015-03-03 10:45 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2015-03-03 10:45 - 2014-06-27 06:31 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-03-03 10:45 - 2014-06-26 01:32 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2015-03-03 10:45 - 2014-06-20 00:41 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-03-03 10:45 - 2014-06-19 01:56 - 00264512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2015-03-03 10:45 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2015-03-03 10:45 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-03-03 10:45 - 2014-06-05 13:59 - 00869720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-03 10:45 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2015-03-03 10:45 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2015-03-03 10:45 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2015-03-03 10:45 - 2014-05-26 08:16 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-03-03 10:45 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-03-03 10:45 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-03-03 10:45 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2015-03-03 10:45 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2015-03-03 10:44 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2015-03-03 10:44 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2015-03-03 10:44 - 2014-07-24 11:52 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2015-03-03 10:44 - 2014-07-24 11:51 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2015-03-03 10:44 - 2014-07-24 11:42 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-03-03 10:44 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2015-03-03 10:44 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-03-03 10:44 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2015-03-03 10:44 - 2014-07-24 09:51 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2015-03-03 10:44 - 2014-07-24 09:49 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2015-03-03 10:44 - 2014-07-24 09:39 - 00178176 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2015-03-03 10:44 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2015-03-03 10:44 - 2014-07-24 09:06 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-03-03 10:44 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-03-03 10:44 - 2014-07-04 13:05 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2015-03-03 10:44 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-03-03 10:35 - 2015-02-04 00:43 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-03 10:35 - 2015-02-04 00:08 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-03 10:35 - 2015-02-04 00:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-03 10:35 - 2015-02-03 00:11 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-03 10:35 - 2015-02-03 00:11 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-03 10:35 - 2015-02-03 00:11 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-03 10:35 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-03 10:35 - 2014-12-03 00:09 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-03-03 10:35 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-03 10:35 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-03 10:35 - 2014-10-13 03:37 - 00108864 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-03 10:35 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-03 10:35 - 2014-10-08 07:44 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-03 10:35 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-03 10:35 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-02 20:13 - 2015-03-02 20:13 - 05977528 _____ (Lenovo Inc.) C:\Users\Esther\Downloads\Lenovo.SuperFishRemovalTool.exe
2015-03-02 19:52 - 2015-03-02 19:52 - 00001190 _____ () C:\Users\Esther\Desktop\mbam1.txt
2015-03-02 19:13 - 2015-03-02 19:13 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieBrowserModeList
2015-03-02 19:05 - 2015-03-02 19:05 - 00852594 _____ () C:\Users\Esther\Downloads\SecurityCheck.exe
2015-03-02 10:57 - 2015-03-02 10:57 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-03-02 10:52 - 2015-03-02 10:52 - 00000000 __RHD () C:\MSOCache
2015-03-02 10:50 - 2015-03-02 10:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-02 10:47 - 2015-03-02 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-02 10:46 - 2015-03-03 10:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-02 10:41 - 2015-03-02 10:41 - 00000247 _____ () C:\WINDOWS\system32\2015-03-02-09-41-12.089-aswFe.exe-3568.log
2015-03-02 10:40 - 2015-03-02 10:40 - 00000197 _____ () C:\WINDOWS\system32\2015-03-02-09-40-56.010-AvastVBoxSVC.exe-1428.log
2015-03-02 10:31 - 2015-03-04 12:21 - 00000000 ___RD () C:\Users\Esther\Dropbox
2015-03-02 10:31 - 2015-03-02 10:31 - 00001191 _____ () C:\Users\Esther\Desktop\Dropbox.lnk
2015-03-02 10:29 - 2015-03-02 10:29 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-02 10:27 - 2015-03-04 12:21 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Dropbox
2015-03-02 10:25 - 2015-03-02 10:25 - 00000247 _____ () C:\WINDOWS\system32\2015-03-02-09-25-42.019-aswFe.exe-8056.log
2015-03-02 10:25 - 2015-03-02 10:25 - 00000197 _____ () C:\WINDOWS\system32\2015-03-02-09-25-37.055-AvastVBoxSVC.exe-1552.log
2015-03-02 10:22 - 2015-03-02 10:22 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\AVAST Software
2015-03-02 10:19 - 2015-03-02 10:19 - 00002144 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-02 10:19 - 2015-03-02 10:19 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-03-02 10:19 - 2015-03-02 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-02 10:18 - 2015-03-02 10:18 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-03-02 10:18 - 2015-03-02 10:18 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00091496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00081768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-03-02 10:18 - 2015-03-02 10:18 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-03-02 10:18 - 2015-03-02 10:18 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-03-02 10:17 - 2015-03-02 10:17 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-02 10:16 - 2015-03-02 10:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-02 10:13 - 2015-03-02 10:16 - 132469808 _____ (AVAST Software) C:\Users\Esther\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-03-02 09:18 - 2015-03-03 17:38 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-02 08:21 - 2015-03-02 08:21 - 00000761 _____ () C:\Users\Esther\Desktop\JRT.txt
2015-03-02 08:12 - 2015-03-02 08:12 - 01388333 _____ (Thisisu) C:\Users\Esther\Downloads\JRT.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-02 07:55 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-02 07:47 - 2015-03-02 07:47 - 00001114 _____ () C:\Users\Esther\Desktop\mbam.txt
2015-03-02 07:35 - 2015-03-04 13:09 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 07:34 - 2015-03-02 07:34 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 07:34 - 2015-03-02 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-02 07:33 - 2015-03-02 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 07:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 07:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 07:29 - 2015-03-02 07:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Esther\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 07:26 - 2015-03-02 07:26 - 00001249 _____ () C:\Users\Esther\Desktop\Revo Uninstaller.lnk
2015-03-02 07:26 - 2015-03-02 07:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-02 07:25 - 2015-03-02 07:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Esther\Downloads\revosetup95.exe
2015-03-02 00:06 - 2015-03-02 00:06 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-03-02 00:06 - 2015-03-02 00:06 - 00000000 _____ () C:\Recovery.txt
2015-03-01 18:02 - 2015-03-01 18:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 18:02 - 2015-01-29 17:49 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-01 16:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-01 16:47 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 16:47 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 16:47 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 16:47 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 16:47 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 16:46 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-01 16:46 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-01 16:46 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-01 16:46 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-01 16:46 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-01 16:46 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 16:46 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-01 16:46 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-01 16:46 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-01 16:46 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-01 16:46 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 16:46 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-01 16:46 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-01 16:46 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-01 16:46 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-01 16:46 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-01 16:46 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-01 16:46 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-01 16:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-01 16:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-01 16:46 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-01 16:46 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-01 16:46 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-01 16:46 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-01 16:46 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-01 16:46 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-01 16:46 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-01 16:46 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-01 16:46 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-01 16:46 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-01 16:46 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-01 16:46 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-01 16:46 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-01 16:46 - 2014-10-31 04:12 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-01 16:46 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-01 16:46 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-01 16:46 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-01 16:46 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-01 16:46 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-01 16:46 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-01 16:46 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-01 16:46 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-01 16:46 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-01 16:45 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-01 16:44 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-01 16:44 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-01 16:42 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-01 16:42 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-01 16:41 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-01 16:41 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-01 16:41 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-01 16:41 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-01 16:41 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-01 16:41 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-01 16:41 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-01 16:41 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-01 16:41 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-01 16:41 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-01 16:41 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-01 16:41 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-01 16:41 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-01 16:41 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 16:40 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-01 16:40 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-01 16:40 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-01 16:39 - 2014-10-10 03:28 - 00022848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-01 16:39 - 2014-10-08 07:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-01 16:39 - 2014-10-08 07:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-01 16:39 - 2014-10-08 06:16 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-01 16:39 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-01 16:38 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-01 16:38 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 16:36 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-01 16:36 - 2014-09-27 04:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-01 16:35 - 2014-10-12 09:58 - 00047424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2015-03-01 16:35 - 2014-09-10 07:18 - 00333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 01858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-01 16:35 - 2014-09-08 03:33 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-03-01 16:35 - 2014-09-07 23:07 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-01 16:35 - 2014-09-04 23:29 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-01 16:35 - 2014-09-04 23:20 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-01 16:35 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-01 16:35 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-01 16:35 - 2014-09-04 01:11 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2015-03-01 16:35 - 2014-09-04 01:00 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-03-01 16:35 - 2014-08-31 00:00 - 00120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-03-01 16:35 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-01 16:35 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-03-01 16:35 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-01 16:35 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-01 16:35 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-01 16:35 - 2014-08-23 05:47 - 02151936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-01 16:35 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-01 16:35 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-01 16:35 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-01 16:35 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-01 16:33 - 2014-10-18 09:49 - 00048496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-01 16:33 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-01 16:33 - 2014-10-18 08:25 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-01 16:33 - 2014-10-18 07:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-01 16:33 - 2014-10-18 07:16 - 02946560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-01 16:33 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-01 16:33 - 2014-10-18 07:12 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-01 16:33 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-01 16:33 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-01 16:33 - 2014-10-18 07:08 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-01 16:32 - 2014-09-22 03:40 - 00219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-01 16:32 - 2014-09-22 03:40 - 00084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-01 16:32 - 2014-09-22 03:39 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-01 16:32 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-01 16:31 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-01 16:31 - 2014-08-16 04:08 - 00863528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-01 16:31 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-03-01 16:31 - 2014-08-16 01:39 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-03-01 16:31 - 2014-08-16 01:35 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-03-01 16:31 - 2014-08-16 01:31 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-03-01 16:31 - 2014-08-16 01:30 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-03-01 16:31 - 2014-08-16 01:29 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-03-01 16:31 - 2014-08-16 01:23 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-01 16:31 - 2014-08-16 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-03-01 16:31 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-01 16:31 - 2014-08-16 01:15 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-03-01 16:31 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-01 16:31 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-01 16:31 - 2014-08-16 01:11 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-03-01 16:31 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-01 16:31 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-01 16:31 - 2014-08-16 01:05 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-03-01 16:31 - 2014-07-24 14:48 - 00376128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-03-01 16:31 - 2014-07-24 11:43 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-01 16:31 - 2014-07-24 11:42 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-03-01 16:31 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-03-01 16:28 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-03-01 16:27 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-01 16:25 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-01 16:25 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-03-01 16:25 - 2014-08-23 05:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-01 16:25 - 2014-08-15 00:35 - 00122688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-03-01 16:25 - 2014-07-30 02:57 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-03-01 16:25 - 2014-07-29 06:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-03-01 16:24 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-01 16:23 - 2014-08-07 00:36 - 01090280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-01 16:23 - 2014-08-02 01:15 - 00976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-01 16:22 - 2014-07-15 18:07 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-01 16:22 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-01 16:22 - 2014-07-15 08:55 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-01 16:22 - 2014-07-12 04:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-01 16:21 - 2014-06-20 01:36 - 00805136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-03-01 16:21 - 2014-06-13 01:10 - 01326936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-03-01 16:21 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-03-01 16:06 - 2015-03-01 16:06 - 00001048 _____ () C:\Users\Esther\Desktop\Notepad++.lnk
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-01 16:06 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files\Notepad++
2015-03-01 16:05 - 2015-03-01 16:05 - 07965917 _____ () C:\Users\Esther\Downloads\npp.6.7.4.Installer.exe
2015-03-01 16:02 - 2015-03-04 09:58 - 00000000 ____D () C:\Users\Esther\Desktop\VuPlus EMM
2015-03-01 16:02 - 2014-05-19 06:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-03-01 16:02 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-03-01 15:48 - 2015-03-01 15:52 - 00000000 ____D () C:\AdwCleaner
2015-03-01 15:48 - 2015-03-01 15:48 - 02126848 _____ () C:\Users\Esther\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:41 - 2015-03-02 08:31 - 00012442 _____ () C:\Users\Esther\Downloads\Addition.txt
2015-03-01 15:40 - 2015-03-05 08:30 - 00018896 _____ () C:\Users\Esther\Downloads\FRST.txt
2015-03-01 15:40 - 2015-03-05 08:30 - 00000000 ____D () C:\FRST
2015-03-01 15:39 - 2015-03-05 08:30 - 01132544 _____ (Farbar) C:\Users\Esther\Downloads\FRST.exe
2015-03-01 15:32 - 2015-03-04 12:20 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job
2015-03-01 15:27 - 2015-03-05 08:10 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:27 - 2015-03-04 15:39 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:27 - 2015-03-01 15:28 - 00000000 ____D () C:\Users\Esther\AppData\Local\Google
2015-03-01 15:22 - 2015-03-01 15:22 - 00000000 ____D () C:\ProgramData\LU
2015-03-01 15:20 - 2015-03-04 12:21 - 00000000 ___DO () C:\Users\Esther\OneDrive
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieUserList
2015-03-01 15:20 - 2015-03-01 15:20 - 00000000 __SHD () C:\Users\Esther\AppData\Local\EmieSiteList
2015-03-01 15:18 - 2015-03-01 15:18 - 00000000 ____D () C:\Users\Esther\AppData\Local\Lenovo
2015-03-01 15:16 - 2015-03-01 15:16 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Macromedia
2015-03-01 15:15 - 2015-03-01 15:15 - 00000000 ____D () C:\Users\Esther\AppData\Local\PackageStaging
2015-03-01 15:14 - 2015-03-02 10:37 - 00000000 ____D () C:\Users\Esther
2015-03-01 15:14 - 2015-03-01 15:14 - 00001461 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 15:14 - 2015-03-01 15:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 15:14 - 2015-03-01 15:14 - 00000020 ___SH () C:\Users\Esther\ntuser.ini
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Startmenü
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Netzwerkumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Druckumgebung
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Musik
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\Documents\Eigene Bilder
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 _SHDL () C:\Users\Esther\AppData\Local\Verlauf
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Adobe
2015-03-01 15:14 - 2015-03-01 15:14 - 00000000 ____D () C:\Users\Esther\AppData\Local\VirtualStore
2015-03-01 15:14 - 2014-11-30 21:29 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 15:14 - 2014-11-30 21:21 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 15:14 - 2014-11-30 13:29 - 00000000 ____D () C:\Users\Esther\AppData\Local\Pokki
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 15:14 - 2014-03-18 08:48 - 00000369 _____ () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 15:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-01 15:11 - 2015-03-01 15:11 - 00000000 _SHDL () C:\ProgramData\Dokumente

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 07:05 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-04 12:27 - 2014-03-18 08:50 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-04 12:19 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 12:19 - 2013-08-22 08:22 - 00473904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-04 12:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-04 12:18 - 2014-11-30 13:32 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-04 09:30 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-04 06:52 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-04 04:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-03 17:38 - 2014-04-04 09:08 - 00000000 ____D () C:\WINDOWS\Panther
2015-03-03 17:06 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-03 16:41 - 2014-03-18 08:36 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 16:41 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-03-03 16:40 - 2014-11-30 21:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\de-DE
2015-03-03 16:40 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-03 10:54 - 2013-08-22 09:05 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-03 10:52 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-02 20:13 - 2014-11-30 13:12 - 00000000 ____D () C:\Program Files\Lenovo
2015-03-02 10:49 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-02 10:37 - 2014-11-30 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 10:37 - 2014-11-30 13:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 10:35 - 2013-08-22 09:17 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-02 10:33 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-02 07:51 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-02 00:06 - 2013-08-22 09:17 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-01 15:53 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-01 15:19 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-01 15:18 - 2014-11-30 13:32 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-01 15:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-01 15:11 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-01 15:11 - 2013-08-22 07:21 - 00000000 ___HD () C:\Users\Default

Some content of TEMP:
====================
C:\Users\Esther\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyz7mn0.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:06

==================== End Of Log ============================
--- --- ---

--- --- ---


Welche Programme soll ich denn noch auf dem PC belassen das es ja nur ein Tablet PC ist habe ich nur 32 GB internen Speicher.
Lg Esther

schrauber 05.03.2015 10:50
Die werfen wir alle wieder runter wenn wir fertig sind. Addition.txt fehlt noch. Bitte FRST öffnen, Haken bei Addition setzen, scannen, poste nur die Addition.txt :)

EsleTra 05.03.2015 10:57
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Esther at 2015-03-05 10:53:44
Running from C:\Users\Esther\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Benutzerhandbücher (Version: 3.0.0.3 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CCleaner Packages (HKU\S-1-5-21-2447949755-921433259-1447528216-1001\...\CCleaner Packages) (Version:  - ) <==== ATTENTION
CCSDK (HKLM\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dropbox (HKU\S-1-5-21-2447949755-921433259-1447528216-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
FolioCase (HKLM\...\InstallShield_{1979BBD9-9327-44F8-B593-515B29BE9BAB}) (Version: 1.00.0002 - Lenovo)
FolioCase (Version: 1.00.0002 - Lenovo) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo SHAREit (HKLM\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Updates (HKLM\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.1.0.61 - Lenovo)
Lenovo Updates (Version: 1.1.0.61 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.11.14.7251 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2447949755-921433259-1447528216-1001\...\OneDriveSetup.exe) (Version: 17.3.4724.0224 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{53D8DB49-A741-406E-B09C-8676FB05AE79}) (Version: 9.0.5.9 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.65.40919 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.65.40919 - Ihr Firmenname) Hidden
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.01.0243 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
UESDK (HKLM\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Esther\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esther\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EF9D9B1-3296-428C-9285-DD52A6B98A84} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Esther Lenovo-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-02] (Microsoft Corporation)
Task: {4F4A46A1-5A30-491A-A079-C903BFDFD6FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {572D12D1-673B-43FA-9013-257474C23C3E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-02] (AVAST Software)
Task: {5C69D7CF-10CA-4DA6-AA65-52D6818AAFA7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {69742E71-4399-48E1-866F-6467E9732730} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {7EE5757E-605A-44F5-BC2D-1B9AD02ABD5B} - System32\Tasks\Opera scheduled Autoupdate 1425400084 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {9CA580F7-43E8-44C8-BC9A-BB7866629E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {AAB4EBBA-CC83-47B7-B1CE-73E806703F2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {AD1E2BD5-F4AA-44AA-BD45-F1A60EC14989} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-05] (Adobe Systems Incorporated)
Task: {C178A5CB-7509-4127-8621-034F368535DB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2447949755-921433259-1447528216-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {C72915FA-3C9B-4DF1-93C9-D9DC6A751D1D} - System32\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {CB8B7613-3601-4597-9E1F-F37A8F24B1B6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_pepper.exe [2015-03-05] (Adobe Systems Incorporated)
Task: {D86D4703-F169-490F-B175-74CFA6EEE686} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {DAF43146-E516-48A3-BE31-63B6A7685179} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-03-01] (Lenovo)
Task: {E9E3F333-396B-4A82-A19E-7CCC3911D571} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {F22B387E-AAAF-4BEA-A461-C1EBAB2AB9AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-29] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0542c7ff0f32b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-04 04:42 - 2015-03-04 04:42 - 02916864 _____ () C:\Program Files\AVAST Software\Avast\defs\15030301\algo.dll
2015-03-02 10:18 - 2015-03-02 10:18 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-03-02 10:18 - 2015-03-02 10:18 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-02 10:18 - 2015-03-02 10:18 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-03-05 08:29 - 2015-03-05 08:29 - 02916352 _____ () C:\Program Files\AVAST Software\Avast\defs\15030403\algo.dll
2014-11-30 13:12 - 2014-09-10 15:24 - 00161496 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2015-03-02 10:46 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-11-30 13:32 - 2014-11-30 13:32 - 00054544 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-11-30 13:32 - 2014-11-30 13:32 - 00510224 _____ () C:\Program Files\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2015-03-02 10:18 - 2015-03-02 10:18 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-03-02 10:18 - 2015-03-02 10:18 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-02 10:47 - 2015-03-02 20:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-03-02 10:29 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Esther\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 12:21 - 2015-03-04 12:21 - 00043008 _____ () c:\users\esther\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyz7mn0.dll
2015-03-02 10:29 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Esther\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-02 10:29 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Esther\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-02 10:29 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Esther\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-30 13:32 - 2014-07-09 17:19 - 00592880 _____ () C:\Program Files\Lenovo\CCSDK\CCSDK.exe
2014-11-30 13:32 - 2014-07-09 17:19 - 00397296 _____ () C:\Program Files\Lenovo\CCSDK\WinGather.exe
2015-03-03 17:28 - 2015-02-23 09:53 - 00157816 _____ () C:\Program Files\Opera\27.0.1689.76\message_center_win8.dll
2015-03-03 17:28 - 2015-02-23 09:53 - 00552056 _____ () C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe
2015-03-03 17:28 - 2015-02-23 09:53 - 01408632 _____ () C:\Program Files\Opera\27.0.1689.76\libglesv2.dll
2015-03-03 17:28 - 2015-02-23 09:53 - 00219256 _____ () C:\Program Files\Opera\27.0.1689.76\libegl.dll
2015-03-03 17:28 - 2015-02-23 09:53 - 09510520 _____ () C:\Program Files\Opera\27.0.1689.76\pdf.dll
2015-03-05 09:03 - 2015-03-05 09:30 - 14964912 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Esther\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2447949755-921433259-1447528216-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Esther\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2447949755-921433259-1447528216-500 - Administrator - Disabled)
Esther (S-1-5-21-2447949755-921433259-1447528216-1001 - Administrator - Enabled) => C:\Users\Esther
Gast (S-1-5-21-2447949755-921433259-1447528216-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2447949755-921433259-1447528216-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 08:29:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim“ ist folgender Fehler aufgetreten: -2147024865. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/04/2015 00:16:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/03/2015 05:25:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: 65F7D090_stp.EXE, Version: 0.0.0.0, Zeitstempel: 0x4b1ae411
Name des fehlerhaften Moduls: NSISEncrypt.dll, Version: 0.0.0.0, Zeitstempel: 0x54f5cf55
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000038c8
ID des fehlerhaften Prozesses: 0x490
Startzeit der fehlerhaften Anwendung: 0x65F7D090_stp.EXE0
Pfad der fehlerhaften Anwendung: 65F7D090_stp.EXE1
Pfad des fehlerhaften Moduls: 65F7D090_stp.EXE2
Berichtskennung: 65F7D090_stp.EXE3
Vollständiger Name des fehlerhaften Pakets: 65F7D090_stp.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 65F7D090_stp.EXE5

Error: (03/03/2015 04:44:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCSDK.exe, Version: 1.0.3.4, Zeitstempel: 0x53bcd5bf
Name des fehlerhaften Moduls: SensorsApi.dll_unloaded, Version: 6.3.9600.17041, Zeitstempel: 0x531820cc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006130
ID des fehlerhaften Prozesses: 0x14e0
Startzeit der fehlerhaften Anwendung: 0xCCSDK.exe0
Pfad der fehlerhaften Anwendung: CCSDK.exe1
Pfad des fehlerhaften Moduls: CCSDK.exe2
Berichtskennung: CCSDK.exe3
Vollständiger Name des fehlerhaften Pakets: CCSDK.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCSDK.exe5

Error: (03/02/2015 11:55:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/02/2015 10:40:45 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf dem Schattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Die Routine hat E_INVALIDARG zurückgegeben.
Routinedetails GetSnapshot({00000000-0000-0000-0000-000000000000},00D092F0).


Vorgang:
  Eigenschaften der Schattenkopie abrufen

Kontext:
  Ausführungskontext: Coordinator

Error: (03/02/2015 10:40:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCSDK.exe, Version: 1.0.3.4, Zeitstempel: 0x53bcd5bf
Name des fehlerhaften Moduls: SensorsApi.dll_unloaded, Version: 6.3.9600.17041, Zeitstempel: 0x531820cc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006130
ID des fehlerhaften Prozesses: 0xcb8
Startzeit der fehlerhaften Anwendung: 0xCCSDK.exe0
Pfad der fehlerhaften Anwendung: CCSDK.exe1
Pfad des fehlerhaften Moduls: CCSDK.exe2
Berichtskennung: CCSDK.exe3
Vollständiger Name des fehlerhaften Pakets: CCSDK.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCSDK.exe5

Error: (03/02/2015 10:20:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary bigjzhjs.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/02/2015 10:19:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary bigjzhjs.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (03/05/2015 08:29:52 AM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:microsoft.onenoteim.AppXm6fgyxg551ans5s3xmezr3h6w655wb0r.mca31microsoft.onenoteim.AppXz97txms671kxkms1js0am360cp52b5qq.mcaNicht verfügbarNicht verfügbar

Error: (03/05/2015 08:01:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (03/05/2015 06:50:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (03/05/2015 06:42:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (03/05/2015 06:21:23 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (03/05/2015 06:07:30 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (03/05/2015 06:07:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/05/2015 06:07:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (03/05/2015 01:11:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (03/05/2015 00:57:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.


Microsoft Office Sessions:
=========================
Error: (03/05/2015 08:29:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim-2147024865

Error: (03/04/2015 00:16:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/03/2015 05:25:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 65F7D090_stp.EXE0.0.0.04b1ae411NSISEncrypt.dll0.0.0.054f5cf55c0000005000038c849001d055ceae111caeC:\Users\Esther\AppData\Local\Temp\is1488139799\65F7D090_stp.EXEC:\Users\Esther\AppData\Local\Temp\nsk2BC1.tmp\NSISEncrypt.dlleffbdd2a-c1c1-11e4-9727-40e2304be8f2

Error: (03/03/2015 04:44:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCSDK.exe1.0.3.453bcd5bfSensorsApi.dll_unloaded6.3.9600.17041531820ccc00000050000613014e001d055c8ec9a4ad1C:\Program Files\Lenovo\CCSDK\CCSDK.exeSensorsApi.dll2e0728d7-c1bc-11e4-9727-40e2304be8f2

Error: (03/02/2015 11:55:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (03/02/2015 10:40:45 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00D092F0)

Vorgang:
  Eigenschaften der Schattenkopie abrufen

Kontext:
  Ausführungskontext: Coordinator

Error: (03/02/2015 10:40:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCSDK.exe1.0.3.453bcd5bfSensorsApi.dll_unloaded6.3.9600.17041531820ccc000000500006130cb801d054ccd80407b9C:\Program Files\Lenovo\CCSDK\CCSDK.exeSensorsApi.dll20f323ec-c0c0-11e4-9725-40e2304be8f2

Error: (03/02/2015 10:20:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary bigjzhjs.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/02/2015 10:19:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary bigjzhjs.

System Error:
Das System kann die angegebene Datei nicht finden.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 59%
Total physical RAM: 1986.59 MB
Available physical RAM: 807.88 MB
Total Pagefile: 3443.91 MB
Available Pagefile: 1047.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.14 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:22.6 GB) (Free:8.18 GB) NTFS
Drive d: () (Removable) (Total:29.71 GB) (Free:29.51 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 1A560338)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---


ist das ein sch.... hoffe das ich nicht wieder solche Probleme bekomme.

schrauber 05.03.2015 17:23
Scan mit SystemLook

Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :filefind
    *Chrome*
    :regfind
    Chrome
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

EsleTra 05.03.2015 17:29
SystemLook 30.07.11 by jpshortstuff
Log created at 17:26 on 05/03/2015 by Esther
Administrator - Elevation successful

========== filefind ==========

Searching for "*Chrome*"
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.15\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [05:24 04/03/2015] [05:24 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe --a---- 41186896 bytes [09:42 04/03/2015] [09:42 04/03/2015] C5FD49B0561203A17BBF947738CB124A
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\41.0.2272.76\41.0.2272.76_chrome_installer.exe --a---- 41424976 bytes [09:44 04/03/2015] [09:44 04/03/2015] B396940887A697BD797DC2EB20EA2E19
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Install\{0479E7D5-3441-4E9E-BFE2-23FDDBE21AC7}\chrome_installer.exe --a---- 41186896 bytes [09:42 04/03/2015] [09:42 04/03/2015] C5FD49B0561203A17BBF947738CB124A
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Install\{2AE260E5-0626-4820-B330-5F5B585FFE68}\41.0.2272.76_chrome_installer.exe --a---- 41424976 bytes [09:45 04/03/2015] [09:44 04/03/2015] B396940887A697BD797DC2EB20EA2E19
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Install\{F4041BFF-A0AD-42F0-BAC5-8BC267E1E618}\40.0.2214.115_chrome_installer.exe --a---- 41186896 bytes [16:55 03/03/2015] [16:55 03/03/2015] C5FD49B0561203A17BBF947738CB124A
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Install\{F4839033-F432-4BBA-950B-FAD89F582388}\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [05:24 04/03/2015] [05:24 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Install\{FC4946AF-0556-4D38-AE4E-15990146F211}\40.0.2214.115_chrome_installer.exe --a---- 41186896 bytes [16:21 03/03/2015] [16:21 03/03/2015] C5FD49B0561203A17BBF947738CB124A
C:\$RECYCLE.BIN\S-1-5-21-2447949755-921433259-1447528216-1001\$RQTI8MP\Update\Install\{FC64F8DF-1D76-493B-9C22-700AC5D8C00F}\41.0.2272.76_chrome_installer.exe --a---- 41424976 bytes [09:45 04/03/2015] [09:44 04/03/2015] B396940887A697BD797DC2EB20EA2E19
C:\FRST\Quarantine\C\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd\181_0\notifier-chrome.js --a---- 9282 bytes [14:29 01/03/2015] [09:30 24/02/2015] 731673E59208C4ADAEE890BE0A8C0B3B
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChrome.crx --a---- 463338 bytes [09:18 02/03/2015] [09:18 02/03/2015] C4D30633A49410C5CD91E4207FA7762B
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChrome.ver --a---- 16 bytes [09:18 02/03/2015] [09:18 02/03/2015] 911919436E7E05EB0DB7D895A5A16289
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChromeSp.crx --a---- 281867 bytes [09:18 02/03/2015] [09:18 02/03/2015] 2AAAE8B072E4B17DF779EA15CE154F5A
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChromeSp.ver --a---- 16 bytes [09:18 02/03/2015] [09:18 02/03/2015] 911919436E7E05EB0DB7D895A5A16289
C:\Program Files\AVAST Software\Avast\WebRep\FF\chrome.manifest --a---- 1863 bytes [09:18 02/03/2015] [09:18 02/03/2015] 01DB844EDE15B6D96708A2421825895D
C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.15\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [10:01 04/03/2015] [10:01 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\Program Files\Google\Update\Install\{178B2E94-9857-4B9C-BE10-1B154CC4B885}\41.0.2272.76_chrome_installer.exe --a---- 41424976 bytes [10:06 04/03/2015] [10:06 04/03/2015] B396940887A697BD797DC2EB20EA2E19
C:\Program Files\Google\Update\Install\{29ABFD9D-8024-4D51-9F26-36A1CB682900}\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [08:01 05/03/2015] [10:01 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\Program Files\Google\Update\Install\{3A6DC94A-64AF-4C3D-8802-93C8A27177A1}\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [22:13 04/03/2015] [10:01 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\Program Files\Google\Update\Install\{50DDBD60-3281-459E-BA49-6B94D447D4B7}\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [14:05 05/03/2015] [10:01 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\Program Files\Google\Update\Install\{82F39CE5-EC82-4587-AF7B-ABFCEF895B67}\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [10:01 04/03/2015] [10:01 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\Program Files\Google\Update\Install\{F31E56CB-3A2C-4E31-9788-502568D1D866}\41.0.2272.76_chrome_installer.exe --a---- 41424976 bytes [09:58 04/03/2015] [09:57 04/03/2015] B396940887A697BD797DC2EB20EA2E19
C:\Program Files\Google\Update\Install\{F92652D8-AE14-47A0-A6E9-EBADADAADCE0}\42.0.2311.15_42.0.2311.11_chrome_updater.exe --a---- 2152528 bytes [15:01 04/03/2015] [10:01 04/03/2015] 0EE989E36A96F088AA8AB2F4D7CBCBB2
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\hotelArticleChrome.css --a---- 115544 bytes [07:40 18/03/2014] [07:40 18/03/2014] 7058E2A99630402EBF396712F08A6305
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css --a---- 116443 bytes [07:40 18/03/2014] [07:40 18/03/2014] 331A02B9BB538A3630F3556E1A7EECA0
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css --a---- 117717 bytes [07:40 18/03/2014] [07:40 18/03/2014] 36311F3C797C88892280A6B52C095FFE
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css --a---- 120257 bytes [07:40 18/03/2014] [07:40 18/03/2014] 2B3AE5661D593FD605905C1E6768E504
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css --a---- 124724 bytes [07:40 18/03/2014] [07:40 18/03/2014] 4A909FE2878DB21E932198A50C49B534
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css --a---- 117717 bytes [07:40 18/03/2014] [07:40 18/03/2014] 2E225088B2839800509BC94B3FEBC7FC
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css --a---- 121539 bytes [07:40 18/03/2014] [07:40 18/03/2014] 7357FBDE6CEF82AE32727FA193DDA91A
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css --a---- 124724 bytes [07:40 18/03/2014] [07:40 18/03/2014] 92FB7FAD7144E3B6280F1023B0220884
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css --a---- 119628 bytes [07:40 18/03/2014] [07:40 18/03/2014] 05B9A675CEC26316EA6340E0ECB9D847
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\hotelArticleChrome.css --a---- 116382 bytes [09:46 03/03/2015] [09:46 03/03/2015] E9BD63249DC5F3FDB28BE65F3AC40144
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css --a---- 117283 bytes [09:46 03/03/2015] [09:46 03/03/2015] 92C8967F6E4BCBF23035D4D8CF68FDCA
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css --a---- 118561 bytes [09:46 03/03/2015] [09:46 03/03/2015] 73938E530CC7E9649DCEFDFE21B0713E
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css --a---- 121109 bytes [09:46 03/03/2015] [09:46 03/03/2015] 07B87846FE79218CF4D2A0FC14D1C47F
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css --a---- 125590 bytes [09:46 03/03/2015] [09:46 03/03/2015] D9D62761D440395A5D0870CE304504A4
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css --a---- 118561 bytes [09:46 03/03/2015] [09:46 03/03/2015] A6F4DDABE9B1B03915E63B7C61B17E09
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css --a---- 122395 bytes [09:46 03/03/2015] [09:46 03/03/2015] 01A4370631162AC427BB5E1386D4193D
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css --a---- 125590 bytes [09:46 03/03/2015] [09:46 03/03/2015] 4DC5445FE1808C2082EEA1B498C24EBD
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x86__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css --a---- 120478 bytes [09:46 03/03/2015] [09:46 03/03/2015] 3F8FCA1A0A2E62B73249E522FA73A6C8
C:\Users\Default\AppData\Local\Pokki\Engine\chrome.pak --a---- 4458976 bytes [12:29 30/11/2014] [16:33 17/01/2014] 7504EAED1D808A15BB420629855A51B5
C:\Users\Default\AppData\Local\Pokki\Engine\chrome_100_percent.pak --a---- 719929 bytes [12:29 30/11/2014] [16:33 17/01/2014] B9CF18EF93CB6E0D85F80C70B90235E4
C:\Users\Default\AppData\Local\Pokki\Engine\chrome_touch_100_percent.pak --a---- 496002 bytes [12:29 30/11/2014] [16:33 17/01/2014] 3E60561F947799A32E5163135EE479D4
C:\Users\Default\AppData\Local\Pokki\Engine\chrome_touch_140_percent.pak --a---- 506739 bytes [12:29 30/11/2014] [16:33 17/01/2014] B147B586343F102D7D7EBBDB3033C8B2
C:\Users\Default\AppData\Local\Pokki\Engine\chrome_touch_180_percent.pak --a---- 517500 bytes [12:29 30/11/2014] [16:33 17/01/2014] 628A1E7A4EFF66EC4493C3CC3F1430D2
C:\Users\Default\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll --a---- 569856 bytes [12:29 30/11/2014] [16:32 17/01/2014] 9FF54FD4C2CE27A99F7FF0F1F48BE05B
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\ChromeDWriteFontCache --a---- 26046181 bytes [06:58 02/03/2015] [06:58 02/03/2015] E88A854A27699A7494D8A6EC698289B3
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chlffgpmiacpedhhbkiomidkjlcfhogd_0.localstorage --a---- 3072 bytes [09:29 03/03/2015] [09:39 03/03/2015] 9CF6BF0E533A6741FB8085B7BCB2CB85
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage --a---- 116736 bytes [09:29 03/03/2015] [15:32 03/03/2015] CDF5054BEC54BFCF97C1566BB49430D3
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage --a---- 3072 bytes [09:29 03/03/2015] [09:29 03/03/2015] 4DFE4268753C3435288E28254DB871B6
C:\Users\Esther\AppData\Local\Pokki\Engine\chrome.pak --a---- 4458976 bytes [14:14 01/03/2015] [16:33 17/01/2014] 7504EAED1D808A15BB420629855A51B5
C:\Users\Esther\AppData\Local\Pokki\Engine\chrome_100_percent.pak --a---- 719929 bytes [14:14 01/03/2015] [16:33 17/01/2014] B9CF18EF93CB6E0D85F80C70B90235E4
C:\Users\Esther\AppData\Local\Pokki\Engine\chrome_touch_100_percent.pak --a---- 496002 bytes [14:14 01/03/2015] [16:33 17/01/2014] 3E60561F947799A32E5163135EE479D4
C:\Users\Esther\AppData\Local\Pokki\Engine\chrome_touch_140_percent.pak --a---- 506739 bytes [14:14 01/03/2015] [16:33 17/01/2014] B147B586343F102D7D7EBBDB3033C8B2
C:\Users\Esther\AppData\Local\Pokki\Engine\chrome_touch_180_percent.pak --a---- 517500 bytes [14:14 01/03/2015] [16:33 17/01/2014] 628A1E7A4EFF66EC4493C3CC3F1430D2
C:\Users\Esther\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll --a---- 569856 bytes [14:14 01/03/2015] [16:32 17/01/2014] 9FF54FD4C2CE27A99F7FF0F1F48BE05B
C:\Users\Esther\AppData\Local\Temp\chrome_installer.log --a---- 55583 bytes [15:32 03/03/2015] [10:07 04/03/2015] 6967164C8659AFE5783DBEC773ADB222
C:\Users\Esther\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage --a---- 3072 bytes [16:28 03/03/2015] [09:14 04/03/2015] 16C16EA60AE3B3A3849D19ED430B1130
C:\Users\Esther\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage-journal --a---- 3608 bytes [09:14 04/03/2015] [09:14 04/03/2015] F2D64CD43CBD57D89E8F16BBCC420981
C:\Users\Esther\Downloads\ChromeSetup (1).exe --a---- 880208 bytes [11:21 04/03/2015] [11:21 04/03/2015] C4D7981988228060076DA38B3A508406
C:\Users\Esther\Downloads\ChromeSetup.exe --a---- 880208 bytes [09:56 04/03/2015] [09:56 04/03/2015] CDAB92DB681AFA4EBB71C685EA63290D
C:\Users\Esther\OneDrive\Downloads\chromeinstall-8u31 (1).exe --ahs-- 639400 bytes [14:20 01/03/2015] [14:20 01/03/2015] (Unable to calculate MD5)
C:\Users\Esther\OneDrive\Downloads\chromeinstall-8u31.exe --ahs-- 639400 bytes [14:20 01/03/2015] [14:57 25/01/2015] (Unable to calculate MD5)
C:\Users\Esther\OneDrive\Downloads\ChromeSetup.exe --ahs-- 880784 bytes [14:20 01/03/2015] [14:26 24/01/2015] (Unable to calculate MD5)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser --a---- 2107 bytes [08:17 22/08/2013] [08:16 22/08/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\Prefetch\41.0.2272.76_CHROME_INSTALLER-5CF69D24.pf --a---- 23042 bytes [10:06 04/03/2015] [10:06 04/03/2015] 597B341C1DD258C15D9D73C505BB3836
C:\Windows\Prefetch\41.0.2272.76_CHROME_INSTALLER-8346AA2A.pf --a---- 22336 bytes [09:45 04/03/2015] [09:45 04/03/2015] B6EADA980BB76AFDB0C6F9E7EE7970BE
C:\Windows\Prefetch\41.0.2272.76_CHROME_INSTALLER-95A9EA61.pf --a---- 22912 bytes [09:45 04/03/2015] [09:45 04/03/2015] 0265ED61778FF2A5B0330368D136897B
C:\Windows\Prefetch\41.0.2272.76_CHROME_INSTALLER-97BD3AB1.pf --a---- 26882 bytes [09:58 04/03/2015] [09:58 04/03/2015] 81C9492A4FEDC426689FDCE6490EEE92
C:\Windows\Prefetch\CHROME.EXE-AED7BA3C.pf --a---- 73112 bytes [14:28 01/03/2015] [15:32 03/03/2015] 865886E6313097EE85DB27F2A2C32D81
C:\Windows\Prefetch\CHROMESETUP (1).EXE-1225712D.pf --a---- 82450 bytes [09:45 04/03/2015] [09:45 04/03/2015] DBAD6CB1A5E0C41142C422BD6C781CDF
C:\Windows\Prefetch\CHROMESETUP.EXE-5A7C15AB.pf --a---- 182442 bytes [09:43 04/03/2015] [10:05 04/03/2015] 0967594E39621760764A600F38329D83
C:\Windows\Prefetch\CHROMESTANDALONESETUP.EXE-A8F97340.pf --a---- 215902 bytes [15:51 03/03/2015] [09:42 04/03/2015] 2E261F4867344E03E8408F983E296424
C:\Windows\Prefetch\CHROME_INSTALLER.EXE-E21CDA14.pf --a---- 26956 bytes [09:42 04/03/2015] [09:42 04/03/2015] 87E61428AAF0DCA1A63C78193D9116BE
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_27e9d481c87f8327\chrome.browser --a---- 2107 bytes [23:36 21/08/2013] [12:28 18/06/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B

========== regfind ==========

Searching for "Chrome"
[HKEY_CURRENT_USER\Software\AVAST Software\Avast Browser Cleanup]
"chrome_SP"="A8691B5B96121339953DB56B4859A4A7B7294D446741D5001CADE561D42F3C10"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet]
@="Google Chrome"
[HKEY_CURRENT_USER\Software\Google\Chrome]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fbf88501_0]
@="{2}.\\?\acpi#80860f28#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topologyihf/00010001|\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\http\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\https\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\DefaultBrowser_NOPUBLISHERID\Server\DefaultBrowserServer]
"ExePath"="C:\Program Files\Google\Chrome\Application\chrome.exe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\DefaultBrowser_NOPUBLISHERID\Server\DefaultBrowserServer]
"AppUserModelId"="DefaultBrowser_NOPUBLISHERID!Chrome"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.File\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Default BrowserActivatableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.File\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Default BrowserActivatableClass]
"DisplayName"="Google Chrome"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Defau ltBrowserActivatableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Defau ltBrowserActivatableClass]
"DisplayName"="Google Chrome"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Protocol\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Def aultBrowserActivatableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Protocol\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Def aultBrowserActivatableClass]
"DisplayName"="Google Chrome"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Defau ltBrowserActivatableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.Defau ltBrowserActivatableClass]
"DisplayName"="Google Chrome"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
"AppName"="Google Chrome"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
"Image"="C:\Program Files\Google\Chrome\Application\42.0.2311.11\VisualElements\splash-620x300.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"ChromeHTML"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription"="Google Chrome ist ein Webbrowser, der Webseiten und Apps in Sekundenschnelle lädt und dabei äußerst stabil und nutzerfreundlich ist. Dank des integrierten Malware- und Phishing-Schutzes können Sie bedenkenlos im Internet surfen."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"name"="Google Chrome binaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"name"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine"=""C:\Program Files\Google\Chrome\Application\42.0.2311.11\Installer\setup.exe" --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"name"="Google Chrome App Launcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallString"="C:\Program Files\Google\Chrome\Application\42.0.2311.11\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="2.0-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString"="C:\Program Files\Google\Chrome\Application\42.0.2311.11\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments"=" --uninstall --multi-install --chrome --system-level"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerResultUIString"="This computer already has a more recent version of the Google Chrome components. Please use a more recent installer."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"=""C:\Program Files\Google\Chrome\Application\42.0.2311.11\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Installer\Components\613B99D5CFD7FCB4793B500086BB4113]
"{E83B4360-C208-4325-9504-0D23003A74A5},AppSharingChromeHook.x86.dll"="yh1BV3!!!!!!!!!MKKSkGimme_OnDemandData<LyncCoreFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Nitro\Pro\9.0\settings\Preferences\kPreferences]
"kPrefConvertPDFToImageMonochrome"="/i 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Google Chrome"="Software\Clients\StartMenuInternet\Google Chrome\Capabilities"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\AVAST Software\Avast Browser Cleanup]
"chrome_SP"="A8691B5B96121339953DB56B4859A4A7B7294D446741D5001CADE561D42F3C10"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Clients\StartMenuInternet]
@="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Google\Chrome]
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fbf88501_0]
@="{2}.\\?\acpi#80860f28#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topologyihf/00010001|\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\http\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\https\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"="ChromeHTML"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\ActivatableClasses\Package\DefaultBrowser_NOPUBLISHERID\Server\DefaultBrowserServer]
"ExePath"="C:\Program Files\Google\Chrome\Application\chrome.exe"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\ActivatableClasses\Package\DefaultBrowser_NOPUBLISHERID\Server\DefaultBrowserServer]
"AppUserModelId"="DefaultBrowser_NOPUBLISHERID!Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.File\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActiva tableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.File\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActiva tableClass]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActi vatableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.Launch\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActi vatableClass]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.Protocol\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserAc tivatableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.Protocol\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserAc tivatableClass]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActi vatableClass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActi vatableClass]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
"AppName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
"Image"="C:\Program Files\Google\Chrome\Application\42.0.2311.11\VisualElements\splash-620x300.png"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\ActivatableClasses\Package\DefaultBrowser_NOPUBLISHERID\Server\DefaultBrowserServer]
"ExePath"="C:\Program Files\Google\Chrome\Application\chrome.exe"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\ActivatableClasses\Package\DefaultBrowser_NOPUBLISHERID\Server\DefaultBrowserServer]
"AppUserModelId"="DefaultBrowser_NOPUBLISHERID!Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.File\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatableClas s]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.File\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatableClas s]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatableCl ass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatableCl ass]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.Protocol\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatable Class]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.Protocol\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatable Class]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.Search\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatableCl ass]
"Icon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Extensions\ContractId\Windows.Search\PackageId\DefaultBrowser_NOPUBLISHERID\ActivatableClassId\DefaultBrowser.DefaultBrowserActivatableCl ass]
"DisplayName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
"AppName"="Google Chrome"
[HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Chrom e]
"Image"="C:\Program Files\Google\Chrome\Application\42.0.2311.11\VisualElements\splash-620x300.png"

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="4.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Reso
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="4.0"/> <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/> <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/> <Param Name="SessionConfigurationData" Value="

-= EOF =-

schrauber 06.03.2015 10:15
https://www.google.com/chrome/srt/

Bitte mal das Tool laufen lassen.

EsleTra 06.03.2015 10:58
[0306/105458:INFO:scoped_logging.cc(46)] Starting logs for version: 2.7.2
[0306/105504:INFO:chrome_cleaner_main.cc(112)] Successfully re-launched elevated.
[0306/105504:INFO:chrome_cleaner_main.cc(263)] Exiting with code: 0
[0306/105504:INFO:chrome_cleaner_main.cc(278)] Self-deleting.
[0306/105504:WARNING:logging_service.cc(193)] The last 3 log lines have not been uploaded to Safe Browsing.
[0306/105504:INFO:scoped_logging.cc(46)] Starting logs for version: 2.7.2
[0306/105504:INFO:chrome_cleaner_main.cc(237)] --elevated
[0306/105505:INFO:recovery_component.cc(183)] Sent request to download Recovery Component.
[0306/105506:INFO:main_controller.cc(181)] No PUPS found
[0306/105506:INFO:chrome_profile_reset_component.cc(116)] Using Old version field from registry. Update in progress?
[0306/105506:INFO:chrome_profile_reset_component.cc(126)] Found Compatible Chrome version: 42.0.2311.22
[0306/105510:INFO:recovery_component.cc(150)] Recovery Component successfully downloaded.
[0306/105513:INFO:recovery_component.cc(124)] ChromeRecovery returned code: 1
[0306/105513:INFO:chrome_profile_reset_component.cc(116)] Using Old version field from registry. Update in progress?
[0306/105513:INFO:chrome_profile_reset_component.cc(126)] Found Compatible Chrome version: 42.0.2311.22
[0306/105513:INFO:chrome_profile_reset_component.cc(83)] Found C:\Program Files\Google\Chrome\Application\chrome.exe
[0306/105514:INFO:safe_browsing_reporter.cc(116)] OnURLFetchUploadProgress(1025/1025).
[0306/105514:INFO:chrome_cleaner_main.cc(263)] Exiting with code: 2
[0306/105514:INFO:chrome_cleaner_main.cc(278)] Self-deleting.
[0306/105514:WARNING:logging_service.cc(193)] The last 3 log lines have not been uploaded to Safe Browsing.

Chrom ist seit heute morgen wieder auf dem PC. (War dann einfach wieder da)
Läuft auch ohne weiter Probleme.

schrauber 06.03.2015 16:24
Supi. Bestehen aktuell noch Probleme? Wenn nicht räumen wir noch auf :)

EsleTra 06.03.2015 16:33
Aktuell gibt's keine Probleme mehr :-)

schrauber 07.03.2015 12:48
http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

EsleTra 08.03.2015 09:53
[0306/105458:INFO:scoped_logging.cc(46)] Starting logs for version: 2.7.2
[0306/105504:INFO:chrome_cleaner_main.cc(112)] Successfully re-launched elevated.
[0306/105504:INFO:chrome_cleaner_main.cc(263)] Exiting with code: 0
[0306/105504:INFO:chrome_cleaner_main.cc(278)] Self-deleting.
[0306/105504:WARNING:logging_service.cc(193)] The last 3 log lines have not been uploaded to Safe Browsing.
[0306/105504:INFO:scoped_logging.cc(46)] Starting logs for version: 2.7.2
[0306/105504:INFO:chrome_cleaner_main.cc(237)] --elevated
[0306/105505:INFO:recovery_component.cc(183)] Sent request to download Recovery Component.
[0306/105506:INFO:main_controller.cc(181)] No PUPS found
[0306/105506:INFO:chrome_profile_reset_component.cc(116)] Using Old version field from registry. Update in progress?
[0306/105506:INFO:chrome_profile_reset_component.cc(126)] Found Compatible Chrome version: 42.0.2311.22
[0306/105510:INFO:recovery_component.cc(150)] Recovery Component successfully downloaded.
[0306/105513:INFO:recovery_component.cc(124)] ChromeRecovery returned code: 1
[0306/105513:INFO:chrome_profile_reset_component.cc(116)] Using Old version field from registry. Update in progress?
[0306/105513:INFO:chrome_profile_reset_component.cc(126)] Found Compatible Chrome version: 42.0.2311.22
[0306/105513:INFO:chrome_profile_reset_component.cc(83)] Found C:\Program Files\Google\Chrome\Application\chrome.exe
[0306/105514:INFO:safe_browsing_reporter.cc(116)] OnURLFetchUploadProgress(1025/1025).
[0306/105514:INFO:chrome_cleaner_main.cc(263)] Exiting with code: 2
[0306/105514:INFO:chrome_cleaner_main.cc(278)] Self-deleting.
[0306/105514:WARNING:logging_service.cc(193)] The last 3 log lines have not been uploaded to Safe Browsing.
[0307/184649:INFO:scoped_logging.cc(46)] Starting logs for version: 2.7.2
[0307/184656:INFO:chrome_cleaner_main.cc(112)] Successfully re-launched elevated.
[0307/184656:INFO:chrome_cleaner_main.cc(263)] Exiting with code: 0
[0307/184656:INFO:chrome_cleaner_main.cc(278)] Self-deleting.
[0307/184656:WARNING:logging_service.cc(193)] The last 3 log lines have not been uploaded to Safe Browsing.
[0307/184656:INFO:scoped_logging.cc(46)] Starting logs for version: 2.7.2
[0307/184656:INFO:chrome_cleaner_main.cc(237)] --elevated
[0307/184658:INFO:recovery_component.cc(183)] Sent request to download Recovery Component.
[0307/184659:INFO:main_controller.cc(181)] No PUPS found
[0307/184659:INFO:chrome_profile_reset_component.cc(116)] Using Old version field from registry. Update in progress?
[0307/184659:INFO:chrome_profile_reset_component.cc(126)] Found Compatible Chrome version: 42.0.2311.22
[0307/184702:INFO:recovery_component.cc(150)] Recovery Component successfully downloaded.
[0307/184714:INFO:recovery_component.cc(124)] ChromeRecovery returned code: 1
[0307/184714:INFO:chrome_profile_reset_component.cc(116)] Using Old version field from registry. Update in progress?
[0307/184714:INFO:chrome_profile_reset_component.cc(126)] Found Compatible Chrome version: 42.0.2311.22
[0307/184714:INFO:chrome_profile_reset_component.cc(83)] Found C:\Program Files\Google\Chrome\Application\chrome.exe
[0307/184715:INFO:chrome_cleaner_main.cc(263)] Exiting with code: 2
[0307/184715:INFO:chrome_cleaner_main.cc(278)] Self-deleting.
[0307/184715:WARNING:logging_service.cc(193)] The last 2 log lines have not been uploaded to Safe Browsing.

Habe gestern Abend Emsisoft Scannen lassen und es wurden noch 32 Dateien von dem Superfish gefunden.

Emsisoft Anti-Malware v. 9.0.0.4985
(C) 2003-2014 Emsisoft - Emsisoft Anti-Malware: Your ultimate weapon against all Internet threats

ID Object
0 Value: HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS erkannt: Setting.DisableRegistryTools (A)
1 Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\VISUALDISCOVERY erkannt: Adware.Superfish (A)
2 Value: HKEY_USERS\S-1-5-21-2447949755-921433259-1447528216-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR erkannt: Setting.DisableTaskMgr (A)
3 Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\VDWFP erkannt: Adware.Superfish (A)
4 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{AD063C0E-0FE1-4772-B29B-679ACE94818F} erkannt: Adware.Superfish (A)
5 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649} erkannt: Adware.Superfish (A)
6 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE erkannt: Adware.Superfish (A)
7 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC} erkannt: Adware.Superfish (A)
8 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86} erkannt: Adware.Superfish (A)
9 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER erkannt: Adware.Superfish (A)
10 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER.1 erkannt: Adware.Superfish (A)
11 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9} erkannt: Adware.Superfish (A)
12 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8128586C-DF69-4266-873F-CF4C6F705A7C} erkannt: Adware.Superfish (A)
13 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER.1 erkannt: Adware.Superfish (A)
14 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE erkannt: Adware.Superfish (A)
15 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER erkannt: Adware.Superfish (A)
16 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE.1 erkannt: Adware.Superfish (A)
17 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{617E26CE-E6E1-4C75-A68A-A001F2B98491} erkannt: Adware.Superfish (A)
18 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F} erkannt: Adware.Superfish (A)
19 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E} erkannt: Adware.Superfish (A)
20 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845} erkannt: Adware.Superfish (A)
21 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER.1 erkannt: Adware.Superfish (A)
22 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER erkannt: Adware.Superfish (A)
23 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS erkannt: Adware.Superfish (A)
24 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER erkannt: Adware.Superfish (A)
25 Key: HKEY_LOCAL_MACHINE\SOFTWARE\LENOVO\VISUALDISCOVERY erkannt: Adware.Superfish (A)
26 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC erkannt: Adware.Superfish (A)
27 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER erkannt: Adware.Superfish (A)
28 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS.1 erkannt: Adware.Superfish (A)
29 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER.1 erkannt: Adware.Superfish (A)
30 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC.1 erkannt: Adware.Superfish (A)
31 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER.1 erkannt: Adware.Superfish (A)

schrauber 08.03.2015 15:55
Haste die Funde löschen lassen?

EsleTra 08.03.2015 18:46
ja habe sie gelöscht. lasse das Programm noch mal durchlaufen.

schrauber 08.03.2015 19:40
ok.

EsleTra 09.03.2015 16:59
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 08.03.2015 18:44:32
Benutzerkonto: LENOVO-PC\Esther

Scan-Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\WINDOWS\, C:\Program Files\

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 08.03.2015 18:45:40

Gescannt 185411
Gefunden 0

Scan-Ende: 09.03.2015 04:13:13
Scan-Zeit: 9:27:33
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 08.03.2015 18:44:32
Benutzerkonto: LENOVO-PC\Esther

Scan-Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\WINDOWS\, C:\Program Files\

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 08.03.2015 18:45:40

Gescannt 185411
Gefunden 0

Scan-Ende: 09.03.2015 04:13:13
Scan-Zeit: 9:27:33

schrauber 10.03.2015 09:31
noch probleme? :)

EsleTra 10.03.2015 10:16
Danke nein. Der letzte Scann war sauber.

schrauber 10.03.2015 19:47
ok :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19