
Pests of all kinds and how to fight them: h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de opens by itself

01.08.2014, 11:48   #1
Mappin
 



Hey everyone,

about an hour ago, several tabs with this link opened in my Google Chrome browser: WARNING, do not click: hxxp://98uj8.de/s3brsn5ba66mgfzeinrum#ad . I then switched off my laptop for the time being.

I have also already scanned with GMER. (Attachment)

When opening FRST, the following comes up: hxxp://prntscr.com/48gcwu


Best regards, Marvin

01.08.2014, 11:52   #2
M-K-D-B
/// TB instructor
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!




At the Windows message, click More info; there you can then still have FRST.exe run.

01.08.2014, 11:57   #3
Mappin
 



Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-01 12:40:34
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST9500325AS rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Acer\AppData\Local\Temp\fwloypow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                                    fffff802aced83dc 1 byte [31]

---- User code sections - GMER 2.1 ----

.text   C:\windows\system32\mfevtps.exe[1804] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\windows\system32\mfevtps.exe[1804] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306       000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314       000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4388] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306      000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4388] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314      000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                 000007feffcc259c 8 bytes JMP 000007fffd1a0340
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                               000007feffcc6b00 9 bytes JMP 000007fffd1a0298
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                        000007feffd45908 7 bytes JMP 000007fffd1a0260
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                000007feffd61610 7 bytes JMP 000007fffd1a02d0
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                          000007feffd749a4 7 bytes JMP 000007fffd1a0228
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                        000007feffd74a38 8 bytes JMP 000007fffd1a01f0
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                 000007feffd75074 8 bytes JMP 000007fffd1a0308
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                             000007fefd1b1f70 7 bytes JMP 000007fffd1a00d8
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                  000007fefd1b1ff0 5 bytes JMP 000007fffd1a0180
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                           000007fefd1b5880 5 bytes JMP 000007fffd1a0110
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                               000007fefd1b8650 6 bytes JMP 000007fffd1a0148
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                         000007fefd1e0510 5 bytes JMP 000007fffd1a01b8
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\USER32.dll!CreateWindowExW                                                  000007feffb5c5b0 7 bytes JMP 000007fffd1a0420
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                       000007feffb631f0 1 byte JMP 000007fffd1a0378
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2                                   000007feffb631f2 7 bytes {JMP 0xfffffffffd63d188}
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                              000007feffb633e0 5 bytes JMP 000007fffd1a03e8
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                              000007feffb67160 5 bytes JMP 000007fffd1a03b0
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                            000007fefde71070 8 bytes JMP 000007fffd1a0490
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                          000007fefde90bd0 8 bytes JMP 000007fffd1a0458
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                 000007fefb596d10 5 bytes JMP 000007fffb580110
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                  000007fefb59d060 5 bytes JMP 000007fffb5800d8
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\dwm.exe[1072] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\rundll32.exe[6760] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                         000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\rundll32.exe[6760] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                         000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\rundll32.exe[6760] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                       000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3300] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                 000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3300] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                 000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3300] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246               000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1688] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                           000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1688] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                           000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1688] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                         000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1688] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                 000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1688] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                 000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Windows\system32\taskhostex.exe[5200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                       000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\taskhostex.exe[5200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                       000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\taskhostex.exe[5200] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                     000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\Explorer.EXE[5412] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                      000007fef4121b32 4 bytes [12, F4, FE, 07]
.text   C:\Windows\Explorer.EXE[5412] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                      000007fef4121b3a 4 bytes [12, F4, FE, 07]
.text   C:\Windows\Explorer.EXE[5412] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                  000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\Explorer.EXE[5412] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                  000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\Explorer.EXE[5412] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\Explorer.EXE[5412] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                        000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Windows\Explorer.EXE[5412] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                        000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1284] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                   000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1284] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                   000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1284] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                 000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\igfxtray.exe[5848] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                         000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\igfxtray.exe[5848] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                         000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\igfxtray.exe[5848] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                       000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\hkcmd.exe[5392] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                            000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\hkcmd.exe[5392] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                            000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\hkcmd.exe[5392] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                          000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[7080] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                               000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[7080] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                               000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[7080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                         000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[7080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                         000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[7080] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                       000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[4420] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[4420] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[4420] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                              000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                              000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                            000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Logitech Gaming Software\LCore.exe[4224] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306            000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Logitech Gaming Software\LCore.exe[4224] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314            000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Logitech Gaming Software\LCore.exe[4224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                      000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Logitech Gaming Software\LCore.exe[4224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                      000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Logitech Gaming Software\LCore.exe[4224] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                    000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[6348] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[6348] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[6348] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\igfxext.exe[6780] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\igfxext.exe[6780] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\igfxext.exe[6780] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\igfxsrvc.exe[5464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                         000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\igfxsrvc.exe[5464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                         000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\igfxsrvc.exe[5464] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                       000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4784] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690              000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4784] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698              000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4784] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246            000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\McAfee\MAT\McPvTray.exe[3296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                 000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\McAfee\MAT\McPvTray.exe[3296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                 000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\McAfee\MAT\McPvTray.exe[3296] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                               000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[3464] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[3464] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\mcafee\VirusScan\mcods.exe[4132] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                    000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\mcafee\VirusScan\mcods.exe[4132] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                    000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[1188] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fefd79177a 4 bytes [79, FD, FE, 07]
.text   C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[1188] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fefd791782 4 bytes [79, FD, FE, 07]
.text   C:\Windows\system32\taskhost.exe[2344] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                         000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\taskhost.exe[2344] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                         000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\taskhost.exe[2344] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                       000007fef952165a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\conhost.exe[2532] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fef9521532 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\conhost.exe[2532] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fef952153a 4 bytes [52, F9, FE, 07]
.text   C:\Windows\system32\conhost.exe[2532] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fef952165a 4 bytes [52, F9, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2716:1728]                                                                    000007feed040b2c
Thread  C:\Windows\system32\csrss.exe [6124:4044]                                                                                         fffff9600092e5e8
Thread  C:\Windows\system32\csrss.exe [6124:1068]                                                                                         fffff9600092e5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----
         
Done (see attachment).


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Acer (administrator) on SIBTOP on 01-08-2014 12:54:27
Running from C:\Users\Acer\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Acer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Users\Acer\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-11-28] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-06-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2013-10-23] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Spotify Web Helper] => C:\Users\Acer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-17] (Electronic Arts)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [LightShot] => C:\Users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll" File Not Found
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=AC71809B20543175&affID=121845&tt=180613_ndt6&tsp=4921
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {BC49B688-265C-45BD-8A3F-F778A308CB32} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AC71809B20543175&affID=121845&tt=180613_ndt6&tsp=4921
SearchScopes: HKCU - {96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {B05A6E20-A422-4BF3-A46F-0AADB29EBCC3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=973AD222-32B8-4BEC-81D3-D600A21B23F7&apn_sauid=69B4F2A5-350D-48AC-A85C-0EBF5EA44F4B
SearchScopes: HKCU - {BC49B688-265C-45BD-8A3F-F778A308CB32} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}
SearchScopes: HKCU - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Plus-HD-2.3 -> {11111111-1111-1111-1111-110311341126} -> C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
BHO-x32: PriceGong - Price Comparison -> {1631550F-191D-4826-B069-D9439253D926} -> C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll (PriceGong)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-10-25]
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.6.11\FF
FF Extension: PriceGong - C:\Program Files (x86)\PriceGong\2.6.11\FF [2013-09-25]

Chrome: 
=======
CHR HomePage: chrome://newtab
CHR StartupUrls: "hxxp://youtube.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-27]
CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-27]
CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-27]
CHR Extension: (Google-Suche) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-27]
CHR Extension: (SiteAdvisor) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-06-30]
CHR Extension: (AdBlock) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-13]
CHR Extension: (Twitch Live) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (365Scores - Live-Spielstände, Neuigkeiten) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpppefjehmjbiplimkfjeamnohldmko [2014-03-08]
CHR Extension: (Google Mail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-27]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Acer\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-06-27]
CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx [2013-03-04]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Acer\AppData\Roaming\BabSolution\CR\Delta.crx [2013-06-22]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Acer\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S4 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [4113400 2013-02-04] (devolo AG)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-10-19] (ELAN Microelectronics Corp.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake) [File not signed]
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-09-11] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-11-28] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-09-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-11] (Intel Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-09-07] (CACE Technologies)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-28] (Dritek System Inc.)
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 fwloypow; \??\C:\Users\Acer\AppData\Local\Temp\fwloypow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 12:54 - 2014-08-01 12:54 - 00032171 _____ () C:\Users\Acer\Downloads\FRST.txt
2014-08-01 12:54 - 2014-08-01 12:54 - 00000000 ____D () C:\FRST
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\Users\Acer\Documents\Lightshot
2014-08-01 12:46 - 2014-08-01 12:50 - 00000400 _____ () C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job
2014-08-01 12:46 - 2014-08-01 12:46 - 02273984 _____ (Skillbrains ) C:\Users\Acer\Downloads\setup-lightshot.exe
2014-08-01 12:46 - 2014-08-01 12:46 - 00003270 _____ () C:\Windows\System32\Tasks\update-sys
2014-08-01 12:46 - 2014-08-01 12:46 - 00003246 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002
2014-08-01 12:46 - 2014-08-01 12:46 - 00000434 _____ () C:\Users\Acer\AppData\Local\UserProducts.xml
2014-08-01 12:46 - 2014-08-01 12:46 - 00000400 _____ () C:\Windows\Tasks\update-sys.job
2014-08-01 12:46 - 2014-08-01 12:46 - 00000003 _____ () C:\Users\Acer\AppData\Local\updater.log
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Local\Skillbrains
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-08-01 12:40 - 2014-08-01 12:40 - 00019968 _____ () C:\Users\Acer\Desktop\gmer.txt
2014-08-01 12:16 - 2014-08-01 12:16 - 00380416 _____ () C:\Users\Acer\Downloads\Gmer-19357.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00050477 _____ () C:\Users\Acer\Desktop\Defogger.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00000470 _____ () C:\Users\Acer\Desktop\defogger_disable.log
2014-08-01 12:15 - 2014-08-01 12:15 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-01 12:08 - 2014-08-01 12:08 - 02094080 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-31 15:59 - 2014-07-31 15:59 - 187850512 _____ () C:\Users\Acer\Desktop\LP2.mp4
2014-07-31 12:21 - 2014-07-31 12:22 - 374774656 _____ () C:\Users\Acer\Desktop\csgo 2014-07-31 12-21-48-30.avi
2014-07-30 16:38 - 2014-07-30 16:38 - 119320085 _____ () C:\Users\Acer\Desktop\Untitled.mp4
2014-07-30 15:58 - 2014-07-30 15:58 - 00027591 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2014-07-29 18:31 - 2014-07-29 18:31 - 00000000 ____D () C:\Users\Acer\Desktop\Foto-Bestellung
2014-07-29 17:09 - 2014-07-29 17:09 - 182460392 _____ () C:\Users\Acer\Desktop\lp1.mp4
2014-07-29 15:58 - 2014-07-29 15:59 - 130299481 _____ () C:\Users\Acer\Desktop\CC.mp4
2014-07-28 19:24 - 2014-07-30 15:58 - 00000000 ____D () C:\Users\Acer\Desktop\Clash
2014-07-28 17:23 - 2014-07-28 17:23 - 00001860 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-07-28 17:23 - 2014-07-28 17:23 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\Bluestacks
2014-07-28 17:15 - 2014-07-28 18:12 - 00003852 _____ () C:\Windows\windefendam.log
2014-07-28 17:15 - 2014-07-28 18:12 - 00000020 _____ () C:\Windows\capsys184523.log
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Local\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Action!
2014-07-27 17:58 - 2014-07-27 17:58 - 00000295 _____ () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (3).lnk
2014-07-26 19:08 - 2014-07-26 19:09 - 00000000 ____D () C:\Users\Acer\AppData\Local\QQSM
2014-07-26 19:07 - 2014-07-26 19:07 - 00001035 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-26 19:07 - 2014-07-26 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-26 18:56 - 2014-07-26 19:07 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-07-26 16:21 - 2014-07-26 19:08 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-26 16:21 - 2014-07-26 18:55 - 00000000 ____D () C:\Users\Acer\Desktop\Hazard Ops Download
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\java
2014-07-23 18:35 - 2014-07-23 18:34 - 00321448 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 18:06 - 2014-07-30 18:21 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\.minecraft
2014-07-23 18:03 - 2014-07-23 18:03 - 00675988 _____ () C:\Users\Acer\Desktop\Minecraft.exe
2014-07-02 14:40 - 2014-07-28 17:43 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 12:55 - 2013-06-27 13:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 12:55 - 2013-06-27 13:27 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 12:54 - 2014-08-01 12:54 - 00032171 _____ () C:\Users\Acer\Downloads\FRST.txt
2014-08-01 12:54 - 2014-08-01 12:54 - 00000000 ____D () C:\FRST
2014-08-01 12:50 - 2014-08-01 12:46 - 00000400 _____ () C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\Users\Acer\Documents\Lightshot
2014-08-01 12:47 - 2013-06-08 15:46 - 05718016 ___SH () C:\Users\Acer\Desktop\Thumbs.db
2014-08-01 12:46 - 2014-08-01 12:46 - 02273984 _____ (Skillbrains ) C:\Users\Acer\Downloads\setup-lightshot.exe
2014-08-01 12:46 - 2014-08-01 12:46 - 00003270 _____ () C:\Windows\System32\Tasks\update-sys
2014-08-01 12:46 - 2014-08-01 12:46 - 00003246 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002
2014-08-01 12:46 - 2014-08-01 12:46 - 00000434 _____ () C:\Users\Acer\AppData\Local\UserProducts.xml
2014-08-01 12:46 - 2014-08-01 12:46 - 00000400 _____ () C:\Windows\Tasks\update-sys.job
2014-08-01 12:46 - 2014-08-01 12:46 - 00000003 _____ () C:\Users\Acer\AppData\Local\updater.log
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Local\Skillbrains
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-08-01 12:40 - 2014-08-01 12:40 - 00019968 _____ () C:\Users\Acer\Desktop\gmer.txt
2014-08-01 12:16 - 2014-08-01 12:16 - 00380416 _____ () C:\Users\Acer\Downloads\Gmer-19357.exe
2014-08-01 12:16 - 2013-06-22 18:16 - 00001210 _____ () C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2014-08-01 12:16 - 2013-06-22 18:16 - 00001206 _____ () C:\Windows\Tasks\Plus-HD-2.3-updater.job
2014-08-01 12:16 - 2013-06-22 18:16 - 00001110 _____ () C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2014-08-01 12:15 - 2014-08-01 12:15 - 00050477 _____ () C:\Users\Acer\Desktop\Defogger.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00000470 _____ () C:\Users\Acer\Desktop\defogger_disable.log
2014-08-01 12:15 - 2014-08-01 12:15 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-01 12:15 - 2013-06-02 18:12 - 00000000 ____D () C:\Users\Acer
2014-08-01 12:08 - 2014-08-01 12:08 - 02094080 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2014-08-01 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-01 11:35 - 2013-08-07 15:27 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-08-01 11:32 - 2013-10-08 13:15 - 00000000 __RSD () C:\Users\Acer\Documents\McAfee-Tresore
2014-08-01 11:26 - 2014-03-18 17:28 - 05036472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-01 11:26 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 11:26 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-01 10:42 - 2013-06-05 18:48 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-08-01 10:39 - 2013-06-22 13:06 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe
2014-07-31 19:56 - 2013-06-06 15:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-31 15:59 - 2014-07-31 15:59 - 187850512 _____ () C:\Users\Acer\Desktop\LP2.mp4
2014-07-31 15:56 - 2013-06-02 18:37 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-07-31 12:22 - 2014-07-31 12:21 - 374774656 _____ () C:\Users\Acer\Desktop\csgo 2014-07-31 12-21-48-30.avi
2014-07-30 18:21 - 2014-07-23 18:06 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\.minecraft
2014-07-30 16:38 - 2014-07-30 16:38 - 119320085 _____ () C:\Users\Acer\Desktop\Untitled.mp4
2014-07-30 16:00 - 2013-08-27 12:09 - 00000000 ____D () C:\Users\Acer\.gimp-2.8
2014-07-30 15:58 - 2014-07-30 15:58 - 00027591 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2014-07-30 15:58 - 2014-07-28 19:24 - 00000000 ____D () C:\Users\Acer\Desktop\Clash
2014-07-30 15:58 - 2013-08-28 10:55 - 00000000 ____D () C:\Users\Acer\AppData\Local\gtk-2.0
2014-07-29 19:54 - 2012-11-29 07:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-07-29 19:54 - 2012-11-29 07:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-07-29 19:54 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-29 18:32 - 2012-07-26 09:21 - 00054262 _____ () C:\Windows\setupact.log
2014-07-29 18:31 - 2014-07-29 18:31 - 00000000 ____D () C:\Users\Acer\Desktop\Foto-Bestellung
2014-07-29 17:09 - 2014-07-29 17:09 - 182460392 _____ () C:\Users\Acer\Desktop\lp1.mp4
2014-07-29 15:59 - 2014-07-29 15:58 - 130299481 _____ () C:\Users\Acer\Desktop\CC.mp4
2014-07-28 18:12 - 2014-07-28 17:15 - 00003852 _____ () C:\Windows\windefendam.log
2014-07-28 18:12 - 2014-07-28 17:15 - 00000020 _____ () C:\Windows\capsys184523.log
2014-07-28 17:43 - 2014-07-02 14:40 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-28 17:23 - 2014-07-28 17:23 - 00001860 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-07-28 17:23 - 2014-07-28 17:23 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-07-28 17:23 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\Bluestacks
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Local\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Action!
2014-07-28 15:34 - 2012-10-25 06:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-28 15:33 - 2012-10-25 05:55 - 00175786 _____ () C:\Windows\PFRO.log
2014-07-27 19:05 - 2013-06-02 18:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3123453034-4028823714-348128312-1002
2014-07-27 17:58 - 2014-07-27 17:58 - 00000295 _____ () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (3).lnk
2014-07-27 17:46 - 2014-05-16 19:47 - 00000000 ____D () C:\Users\Acer\Desktop\YoutubeDownload
2014-07-27 15:25 - 2014-05-17 16:37 - 00000000 ____D () C:\Users\Acer\Desktop\Videos - ungerendert
2014-07-27 15:00 - 2013-06-08 15:32 - 00000000 ____D () C:\Fraps
2014-07-27 12:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 19:09 - 2014-07-26 19:08 - 00000000 ____D () C:\Users\Acer\AppData\Local\QQSM
2014-07-26 19:08 - 2014-07-26 16:21 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-26 19:07 - 2014-07-26 19:07 - 00001035 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-26 19:07 - 2014-07-26 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-26 19:07 - 2014-07-26 18:56 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-07-26 18:55 - 2014-07-26 16:21 - 00000000 ____D () C:\Users\Acer\Desktop\Hazard Ops Download
2014-07-26 15:13 - 2013-06-08 16:05 - 00000000 ____D () C:\Users\Acer\AppData\Local\Windows Live
2014-07-26 15:11 - 2012-10-25 06:32 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-07-26 15:07 - 2012-10-25 06:32 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2014-07-26 15:05 - 2012-10-25 06:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-25 11:05 - 2013-11-09 15:59 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Spotify
2014-07-25 10:38 - 2012-10-25 06:29 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-07-25 10:37 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\java
2014-07-23 18:37 - 2013-11-09 15:59 - 00000000 ____D () C:\Users\Acer\AppData\Local\Spotify
2014-07-23 18:34 - 2014-07-23 18:35 - 00321448 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 18:34 - 2014-05-16 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-23 18:34 - 2014-04-22 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 18:34 - 2013-06-07 18:01 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-23 18:34 - 2013-06-07 18:01 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-23 18:34 - 2013-06-07 18:01 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-23 18:34 - 2013-06-07 18:00 - 00000000 ____D () C:\Program Files\Java
2014-07-23 18:03 - 2014-07-23 18:03 - 00675988 _____ () C:\Users\Acer\Desktop\Minecraft.exe
2014-07-10 13:17 - 2013-09-22 19:44 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\TS3Client
2014-07-08 17:04 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI

Files to move or delete:
====================
C:\Users\Acer\jagex_cl_runescape_LIVE.dat
C:\Users\Acer\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


LastRegBack: 2014-07-22 19:43

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Acer at 2014-08-01 12:55:20
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.0.0.181 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Combat (HKLM-x32\...\Steam App 212370) (Version:  - Battery Studio)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audacity Bundle by Fileparade.com (HKLM-x32\...\Audacity Bundle by Fileparade.com) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
BrowserDefender (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - Bit89 Inc) <==== ATTENTION
Build and Shoot Launcher 1.1 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.1 - Buld Then Snip, LLC)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.21.5 - Delta) <==== ATTENTION
devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.0.0.0 - devolo AG)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Euro Truck Simulator 2 Demo (HKLM-x32\...\Steam App 231120) (Version:  - SCS Software)
FileZilla Client 3.7.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1.1 - Tim Kosse)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Free Video to Flash Converter version 5.0.25.610 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.25.610 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.25.610 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.25.610 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.8.717 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.8.717 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.1 - Ellora Assets Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.2.0.2042 - Infernum Productions AG)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.7 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lightshot-5.1.4.6 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.6 - Skillbrains)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.6.2000 - Maxthon International Limited)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MotoGP™13 Demo (HKLM-x32\...\Steam App 243820) (Version:  - Milestone S.r.l.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plus-HD-2.3 (HKLM-x32\...\Plus-HD-2.3) (Version: 1.27.153.5 - Plus HD) <==== ATTENTION
Pokemon Online 2.3.0 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version:  - Dreambelievers)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PriceGong 2.6.11 (HKLM-x32\...\PriceGong) (Version: 2.6.11 - PriceGong) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version:  - Roccat GmbH)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TI-Nspire(TM) CAS Student Software (HKLM-x32\...\{E8CC9064-8382-4D5C-9E55-F88D9541FFC0}) (Version: 3.2.0.1219 - Texas Instruments Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.17 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{4BC33FAB-4249-44D7-88A3-22682C577EE3}) (Version: 1.3.1310.1103 - SplitMediaLabs)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-07-2014 11:30:49 Geplanter Prüfpunkt
22-07-2014 17:47:10 Geplanter Prüfpunkt
26-07-2014 13:02:21 Konfiguriert MediaEspresso
27-07-2014 15:43:05 Removed BlueStacks Notification Center
01-08-2014 10:07:57 Removed Camtasia Studio 8

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CD3BEF-3BFF-4B1D-A23F-940590DFAA65} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {0904E6E4-9C2B-4F4C-B68E-4C980588F693} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {1374B489-39EC-4BA9-BE12-9DCFBE284FF5} - System32\Tasks\{7DB51D54-7340-4D9C-B8C2-98EC221A65CF} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BB228C1-5DAD-465B-9C57-78681F1880D3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {1C56FD5E-D85C-41E5-9224-C897114D1757} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {260E584D-B1F8-4579-84CF-F51FC00AA7E6} - System32\Tasks\{C59678A3-9AB9-496D-865B-6F398E1DEC86} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {26F72A6D-3F73-49B0-8B99-5E273B515A50} - System32\Tasks\{1D234A3F-0A38-4D93-83F8-F950A7A977AD} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {2BBDF949-171E-47C1-A55C-A8292D1AE47A} - System32\Tasks\{68F5A7AF-B70A-4DE7-85B1-21BCE0133032} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {2CBEF043-7831-47A1-8D78-E9702901CD6B} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-12-26] (Plus HD)
Task: {3B8F4F3C-D5C5-42B2-89F2-D7E85D273F52} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-22] (Microsoft Corporation)
Task: {44A55202-E24E-402B-B96C-9F2B7C906C9B} - System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {52EF4DF8-76E9-4CC4-AA1D-F6AE1AB61497} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {7F6C71C4-B065-4130-9449-170A55255CC5} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {813F38FD-4DA1-4E63-8833-BFA0A546670C} - System32\Tasks\EPUpdater => C:\Users\Acer\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {93347DF4-5F18-4248-AEE6-D871894B8294} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {99D45DB4-7AA0-4999-AE64-0E0503D384A6} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-22] (Plus HD)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A9B3D63B-DE1C-4886-917E-D58A3BA32ADB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27] (Google Inc.)
Task: {AB8F1880-B29A-4B00-9084-D011A02C97A7} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-06-22] (Plus HD)
Task: {AF9CD05D-B25C-4EC7-B86D-8C27BAAC3146} - System32\Tasks\AdobeAAMUpdater-1.0-SibTop-Acer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {B1D35763-18E8-4151-8F73-7626C0DBD09D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {B8E9693A-7C3B-46D6-8BD2-3C064F6F956C} - System32\Tasks\{D56270AE-F972-4A9B-AC8D-607AF94A4925} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {C53BD627-907F-46DC-8AC1-12B1F018D8DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EACCC4AB-96B2-42EA-8EEE-1335F0E399BC} - System32\Tasks\{FEFAFBD3-E9E9-442A-BF1C-1A8745FEB34C} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {EBB5E046-98AD-4CAE-ACD7-CF3AC4482B1E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FBA71317-EB0D-4719-A075-715EE0EA0F86} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2014-04-22 17:10 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-22 17:19 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-11 23:58 - 2013-06-11 23:58 - 03316080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-29 07:33 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-06-11 23:58 - 2013-06-11 23:58 - 04513648 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2012-11-28 22:42 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-13 22:11 - 2013-06-13 22:11 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2014-03-26 17:27 - 2012-06-23 15:54 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll
2013-06-11 23:57 - 2013-06-11 23:57 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2013-06-27 22:12 - 2013-06-27 22:12 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-04-22 17:10 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Acer\AppData\Local\Temporary Internet Files:BQvlh9x4TJm7wCjTHxVXKY3j
AlternateDataStreams: C:\Users\Acer\AppData\Local\Temporary Internet Files:Sqy0f8GJCFuB9poCX4gmtpk7NDcbYX

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrcmCardReader => 2
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RfButtonDriverService => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "EADM"
HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 11:30:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (07/31/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x2f8
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 03:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1df8
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 03:03:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HD-Frontend.exe, Version 0.8.12.3119 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f2c

Startzeit: 01cfacbfc4baf785

Endzeit: 12

Anwendungspfad: C:\Program Files (x86)\BlueStacks\HD-Frontend.exe

Berichts-ID: 0d675112-18b3-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/31/2014 11:23:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 10:11:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_wcncsvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005af58
ID des fehlerhaften Prozesses: 0x1818
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_wcncsvc0
Pfad der fehlerhaften Anwendung: svchost.exe_wcncsvc1
Pfad des fehlerhaften Moduls: svchost.exe_wcncsvc2
Berichtskennung: svchost.exe_wcncsvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_wcncsvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_wcncsvc5

Error: (07/30/2014 04:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1914
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/29/2014 05:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1100

Startzeit: 01cfab3f1294a66a

Endzeit: 2

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 5d2f4374-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/29/2014 05:09:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17bc

Startzeit: 01cfab3ecd1d7d0a

Endzeit: 25

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 46cf0ec0-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/29/2014 05:07:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11dc

Startzeit: 01cfab3ea1a9bacb

Endzeit: 24

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 05be1b7c-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (08/01/2014 11:26:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 10:36:27 unerwartet heruntergefahren.

Error: (07/31/2014 10:11:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Sofortverbindung - Konfigurationsregistrierungsstelle" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/31/2014 10:11:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/31/2014 10:11:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Zeitbroker" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/31/2014 10:11:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SSDP-Suche" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/31/2014 10:11:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sensorüberwachungsdienst" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (07/31/2014 10:11:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2014 08:27:45 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/30/2014 08:27:45 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/30/2014 00:47:55 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {209500FC-6B45-4693-8871-6296C4843751}


Microsoft Office Sessions:
=========================
Error: (08/01/2014 11:30:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (07/31/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f222f801cfacc7102de848C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll82d7ee31-18ba-11e4-beb7-b888e3da3fac

Error: (07/31/2014 03:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f221df801cfacc5f2995ad2C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll698e8686-18b9-11e4-beb7-b888e3da3fac

Error: (07/31/2014 03:03:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HD-Frontend.exe0.8.12.3119f2c01cfacbfc4baf78512C:\Program Files (x86)\BlueStacks\HD-Frontend.exe0d675112-18b3-11e4-beb7-b888e3da3fac

Error: (07/31/2014 11:23:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f2212dc01cfaca02eb1cc16C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll53b2f45d-1894-11e4-beb7-b888e3da3fac

Error: (07/31/2014 10:11:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_wcncsvc6.2.9200.16420505a9a4entdll.dll6.2.9200.1657951637f77c0000005000000000005af58181801cfab09ca39d86dC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll34d7e11b-188a-11e4-beb7-b888e3da3fac

Error: (07/30/2014 04:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f22191401cfac00ac7bbe35C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll9704f30c-17f5-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.0110001cfab3f1294a66a2C:\Program Files\GIMP 2\bin\gimp-2.8.exe5d2f4374-1732-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:09:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.017bc01cfab3ecd1d7d0a25C:\Program Files\GIMP 2\bin\gimp-2.8.exe46cf0ec0-1732-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:07:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.011dc01cfab3ea1a9bacb24C:\Program Files\GIMP 2\bin\gimp-2.8.exe05be1b7c-1732-11e4-beb7-b888e3da3fac


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 8007.27 MB
Available physical RAM: 4049.94 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 5088.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:251.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 28EF967C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________
Attached files
File type: txt Addition.txt (44.3 KB, viewed 133 times)

Last edited by Mappin (01.08.2014 at 12:11)

01.08.2014, 12:52   #4
M-K-D-B
/// TB-Ausbilder
 

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
ATTFilter
start
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
Greetings from Bavaria
M-K-D-B


01.08.2014, 13:48   #5
Mappin
 

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Acer at 2014-08-01 14:07:42 Run:1
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
Reboot:
end
*****************


Der Vorgang wurde erfolgreich beendet.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
ATTFilter
ComboFix 14-07-31.02 - Acer 01.08.2014  14:36:48.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8007.5219 [GMT 2:00]
ausgeführt von:: c:\users\Acer\Downloads\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PriceGong
c:\program files (x86)\PriceGong\2.6.11\FF\chrome.manifest
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\content\options.js
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\content\options.xul
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\content\overlay.js
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\content\preferences.xul
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\content\pricegong-3.x.xul
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\content\pricegong-4.x.xul
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\locale\en-US\overlay.dtd
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\locale\en-US\pricegong.dtd
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\skin\overlay.css
c:\program files (x86)\PriceGong\2.6.11\FF\chrome\skin\PriceGong.png
c:\program files (x86)\PriceGong\2.6.11\FF\install.rdf
c:\program files (x86)\PriceGong\2.6.11\FF\modules\pg_tab_wrapper.js
c:\program files (x86)\PriceGong\2.6.11\FF\plugins\npPriceGong_FF.dll
c:\program files (x86)\PriceGong\2.6.11\PriceGong.crx
c:\program files (x86)\PriceGong\2.6.11\PriceGongIE.dll
c:\program files (x86)\PriceGong\uninst.exe
c:\programdata\BrowserDefender
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23
c:\users\Acer\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Recent\Call of Duty Black Ops II - Multiplayer.url
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Recent\Call of Duty Black Ops II - Zombies.url
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender\Uninstall BrowserDefender.lnk
c:\windows\windefendam.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-01 bis 2014-08-01  ))))))))))))))))))))))))))))))
.
.
2014-08-01 12:43 . 2014-08-01 12:43	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2014-08-01 12:43 . 2014-08-01 12:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-01 10:54 . 2014-08-01 12:07	--------	d-----w-	C:\FRST
2014-08-01 10:46 . 2014-08-01 10:46	--------	d-----w-	c:\program files (x86)\Skillbrains
2014-08-01 10:46 . 2014-08-01 10:46	--------	d-----w-	c:\users\Acer\AppData\Local\Skillbrains
2014-07-28 15:22 . 2014-07-28 15:22	--------	d-----w-	c:\programdata\BlueStacks
2014-07-28 15:22 . 2014-07-28 15:22	--------	d-----w-	c:\program files (x86)\BlueStacks
2014-07-28 15:21 . 2014-07-28 15:21	--------	d-----w-	c:\users\Acer\AppData\Local\Bluestacks
2014-07-28 15:15 . 2014-07-28 15:15	--------	d-----w-	c:\users\Acer\AppData\Roaming\Mirillis
2014-07-28 15:15 . 2014-07-28 15:15	--------	d-----w-	c:\programdata\Mirillis
2014-07-28 15:15 . 2014-07-28 15:15	--------	d-----w-	C:\Action!
2014-07-28 15:15 . 2014-07-28 15:15	--------	d-----w-	c:\users\Acer\AppData\Local\Mirillis
2014-07-28 15:15 . 2014-07-28 15:15	--------	d-----w-	c:\program files (x86)\Mirillis
2014-07-26 17:08 . 2014-07-26 17:09	--------	d-----w-	c:\users\Acer\AppData\Local\QQSM
2014-07-26 16:56 . 2014-07-26 17:07	--------	d-----w-	c:\program files (x86)\Hazard Ops
2014-07-26 14:21 . 2014-07-26 17:08	--------	d-----w-	c:\programdata\Solid State Networks
2014-07-23 16:39 . 2014-07-23 16:39	--------	d-----w-	c:\users\Acer\AppData\Roaming\java
2014-07-23 16:36 . 2014-07-23 16:36	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-07-23 16:35 . 2014-07-23 16:34	321448	----a-w-	c:\windows\system32\javaws.exe
2014-07-23 16:06 . 2014-07-30 16:21	--------	d-----w-	c:\users\Acer\AppData\Roaming\.minecraft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-23 16:34 . 2013-06-07 16:01	191400	----a-w-	c:\windows\system32\javaw.exe
2014-07-23 16:34 . 2013-06-07 16:01	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-23 16:34 . 2013-06-07 16:01	190888	----a-w-	c:\windows\system32\java.exe
2014-07-02 11:24 . 2014-07-02 11:24	257704	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
2014-06-22 17:14 . 2013-06-03 17:24	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-06-20 08:38 . 2012-06-22 14:40	72128	----a-w-	c:\windows\system32\drivers\cfwids.sys
2014-06-20 08:31 . 2012-06-22 14:38	348552	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2014-06-20 08:30 . 2012-10-25 04:29	189912	----a-w-	c:\windows\system32\mfevtps.exe
2014-06-20 08:26 . 2012-06-22 14:36	786296	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2014-06-20 08:23 . 2012-06-22 14:35	523792	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2014-06-20 08:21 . 2012-06-22 14:34	313544	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2014-06-20 08:20 . 2012-06-22 14:34	181704	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2014-06-20 08:09 . 2012-06-18 19:29	70600	----a-w-	c:\windows\system32\drivers\mfeelamk.sys
2014-06-18 01:12 . 2014-06-18 01:12	11336	----a-w-	c:\windows\system32\drivers\mfeclnrk.sys
2014-06-18 01:12 . 2014-06-18 01:12	96592	----a-w-	c:\windows\system32\drivers\mfencrk.sys
2014-06-18 01:11 . 2014-06-18 01:11	444720	----a-w-	c:\windows\system32\drivers\mfencbdc.sys
2014-05-31 05:16 . 2014-04-13 07:53	703992	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16 . 2014-04-13 07:53	105464	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-29 23:07 . 2014-06-22 16:17	1291232	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-05-29 23:07 . 2014-04-22 15:23	1122312	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-05-29 23:07 . 2014-06-22 16:17	1715176	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-05-29 23:07 . 2014-04-22 15:23	1279480	----a-w-	c:\windows\system32\nvspcap64.dll
2014-05-24 02:48 . 2014-06-22 16:19	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2014-05-24 02:47 . 2014-06-22 16:19	2239488	----a-w-	c:\windows\system32\wininet.dll
2014-05-24 02:47 . 2014-06-22 16:19	915968	----a-w-	c:\windows\system32\uxtheme.dll
2014-05-24 02:47 . 2014-06-22 16:19	53760	----a-w-	c:\windows\system32\UXInit.dll
2014-05-24 02:47 . 2014-06-22 16:19	1366016	----a-w-	c:\windows\system32\urlmon.dll
2014-05-24 02:46 . 2014-06-22 16:19	197120	----a-w-	c:\windows\system32\msrating.dll
2014-05-24 02:46 . 2014-06-22 16:19	97792	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-24 02:46 . 2014-06-22 16:19	19290112	----a-w-	c:\windows\system32\mshtml.dll
2014-05-24 02:46 . 2014-06-22 16:19	603136	----a-w-	c:\windows\system32\msfeeds.dll
2014-05-24 02:46 . 2014-06-22 16:19	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-05-24 02:46 . 2014-06-22 16:19	855552	----a-w-	c:\windows\system32\jscript.dll
2014-05-24 02:46 . 2014-06-22 16:19	3958784	----a-w-	c:\windows\system32\jscript9.dll
2014-05-24 02:46 . 2014-06-22 16:19	39936	----a-w-	c:\windows\system32\iernonce.dll
2014-05-24 02:46 . 2014-06-22 16:19	136704	----a-w-	c:\windows\system32\iesysprep.dll
2014-05-24 02:46 . 2014-06-22 16:19	67072	----a-w-	c:\windows\system32\iesetup.dll
2014-05-24 02:46 . 2014-06-22 16:19	2650112	----a-w-	c:\windows\system32\iertutil.dll
2014-05-24 02:46 . 2014-06-22 16:19	15368704	----a-w-	c:\windows\system32\ieframe.dll
2014-05-24 02:45 . 2014-06-22 16:19	281600	----a-w-	c:\windows\system32\dxtrans.dll
2014-05-24 02:45 . 2014-06-22 16:19	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2014-05-24 02:45 . 2014-06-22 16:19	1508864	----a-w-	c:\windows\system32\inetcpl.cpl
2014-05-24 01:26 . 2014-06-22 16:19	1766400	----a-w-	c:\windows\SysWow64\wininet.dll
2014-05-24 01:26 . 2014-06-22 16:19	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2014-05-24 01:25 . 2014-06-22 16:19	2862080	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-05-24 01:25 . 2014-06-22 16:19	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-05-24 01:25 . 2014-06-22 16:19	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-05-24 01:25 . 2014-06-22 16:19	1440768	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-05-24 01:09 . 2014-06-22 16:19	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-24 01:03 . 2014-06-22 16:19	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-23 22:37 . 2014-06-22 16:19	534528	----a-w-	c:\windows\SysWow64\uxtheme.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}]
2013-06-22 16:16	750952	----a-w-	c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02	295832	----a-w-	c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-06-10 16:17	279560	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280]
"Spotify Web Helper"="c:\users\Acer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-10 1178168]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-04-16 3588952]
"Akamai NetSession Interface"="c:\users\Acer\AppData\Local\Akamai\netsession_win.exe" [2014-03-06 4672920]
"LightShot"="c:\users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-07-01 226560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2012-11-28 111216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-06-13 2236816]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"RoccatKonePure"="c:\program files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE" [2013-10-22 561152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-06-16 224128]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-07-03 831192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Acer Backup Manager Tray.lnk - c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [2012-8-23 533568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\System32\drivers\tinspusb.sys;c:\windows\SYSNATIVE\drivers\tinspusb.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R3 xusb22;Treiberdienst 22 für Xbox 360 Wireless Receiver;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
R4 BrcmCardReader;Broadcom Card Reader Service;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe [x]
R4 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
R4 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R4 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 MfeASKM;McAfee Application Statistics Device Driver;c:\program files\McAfee\AppStats\MfeASKM.sys;c:\program files\McAfee\AppStats\MfeASKM.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 MfeASUM;McAfee Application Statistics Service;c:\program files\McAfee\AppStats\MfeASUM.exe;c:\program files\McAfee\AppStats\MfeASUM.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\System32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\System32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\System32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NETwNe64;@oem9.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 12:56	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27 11:27]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27 11:27]
.
2014-08-01 c:\windows\Tasks\Plus-HD-2.3-codedownloader.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-22 16:16]
.
2014-08-01 c:\windows\Tasks\Plus-HD-2.3-enabler.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-06-22 11:16]
.
2014-08-01 c:\windows\Tasks\Plus-HD-2.3-updater.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-06-22 16:16]
.
2014-08-01 c:\windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-08-01 16:44]
.
2014-08-01 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-08-01 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-06-10 16:17	339464	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-11 21:58	3316080	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-11 21:58	3316080	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-11 21:58	3316080	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-04-15 10396440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1631550F-191D-4826-B069-D9439253D926} - c:\program files (x86)\PriceGong\2.6.11\PriceGongIE.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
Wow6432Node-HKLM-Run-LManager - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-08-01  14:45:30
ComboFix-quarantined-files.txt  2014-08-01 12:45
.
Vor Suchlauf: 20 Verzeichnis(se), 270.390.386.688 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 270.519.025.664 Bytes frei
.
- - End Of File - - 95BF560E35C27A9B88D48EF344652E21
         


01.08.2014, 14:06   #6
M-K-D-B
/// TB-Ausbilder
 



Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

With your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the two new FRST log files.

01.08.2014, 15:00   #7
Mappin
 



AdwCleaner:
Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 15:24:30
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Acer - SIBTOP
# Gestartet von : C:\Users\Acer\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.3
Ordner Gelöscht : C:\Program Files (x86)\Skillbrains
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
Ordner Gelöscht : C:\Users\Acer\AppData\Local\Skillbrains
Ordner Gelöscht : C:\Users\Acer\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\Users\Acer\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
Datei Gelöscht : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage
Datei Gelöscht : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : BrowserDefendert
Task Gelöscht : EPUpdater
Task Gelöscht : Plus-HD-2.3-codedownloader
Task Gelöscht : Plus-HD-2.3-enabler
Task Gelöscht : Plus-HD-2.3-updater
Task Gelöscht : update-sys

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\a55d9d8b76fe845
Schlüssel Gelöscht : HKLM\SOFTWARE\a55d9d8b76fe845
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SkillBrains
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Plus-HD-2.3
Schlüssel Gelöscht : HKLM\Software\SkillBrains
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : mkcedibhemacmilmkpndpkoidlnmgngg

*************************

AdwCleaner[R0].txt - [15291 octets] - [01/08/2014 15:23:03]
AdwCleaner[S0].txt - [14234 octets] - [01/08/2014 15:24:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14295 octets] ##########
         
Mbam:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 15:34:06
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.02
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Acer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342139
Verstrichene Zeit: 19 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.3, In Quarantäne, [8fd702bf295244f23515e7060df58f71], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3123453034-4028823714-348128312-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [590d1ca54e2d1c1acaaefa2a14f019e7], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-3123453034-4028823714-348128312-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.3, In Quarantäne, [d0966c55c9b20630351538b53fc310f0], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Acer (administrator) on SIBTOP on 01-08-2014 15:55:51
Running from C:\Users\Acer\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Acer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsMap.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-11-28] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-06-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2013-10-23] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Spotify Web Helper] => C:\Users\Acer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-17] (Electronic Arts)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [LightShot] => C:\Users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {B05A6E20-A422-4BF3-A46F-0AADB29EBCC3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=973AD222-32B8-4BEC-81D3-D600A21B23F7&apn_sauid=69B4F2A5-350D-48AC-A85C-0EBF5EA44F4B
SearchScopes: HKCU - {BC49B688-265C-45BD-8A3F-F778A308CB32} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}
SearchScopes: HKCU - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-10-25]

Chrome: 
=======
CHR HomePage: chrome://newtab
CHR StartupUrls: "hxxp://youtube.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-27]
CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-27]
CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-27]
CHR Extension: (Google-Suche) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-27]
CHR Extension: (SiteAdvisor) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-06-30]
CHR Extension: (AdBlock) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-13]
CHR Extension: (Twitch Live) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (365Scores - Live-Spielstände, Neuigkeiten) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpppefjehmjbiplimkfjeamnohldmko [2014-03-08]
CHR Extension: (Google Mail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S4 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [4113400 2013-02-04] (devolo AG)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-10-19] (ELAN Microelectronics Corp.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake) [File not signed]
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-09-11] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-11-28] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-09-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-11] (Intel Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-09-07] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-28] (Dritek System Inc.)
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 15:54 - 2014-08-01 15:54 - 00001703 _____ () C:\Users\Acer\Desktop\mbam.txt
2014-08-01 15:33 - 2014-08-01 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 15:33 - 2014-08-01 15:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 15:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 15:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 15:32 - 2014-08-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-01 15:32 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 15:32 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 15:32 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 15:32 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-01 15:32 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-01 15:23 - 2014-08-01 15:24 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:19 - 2014-08-01 15:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 15:18 - 2014-08-01 15:19 - 01361309 _____ () C:\Users\Acer\Desktop\adwcleaner_3.302.exe
2014-08-01 14:45 - 2014-08-01 14:45 - 00032983 _____ () C:\ComboFix.txt
2014-08-01 14:35 - 2014-08-01 14:45 - 00000000 ____D () C:\Qoobox
2014-08-01 14:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 14:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 14:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-01 14:34 - 2014-08-01 14:44 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 14:34 - 2014-08-01 14:34 - 05567414 ____R () C:\Users\Acer\Downloads\ComboFix.exe
2014-08-01 12:55 - 2014-08-01 12:55 - 00045373 _____ () C:\Users\Acer\Downloads\Addition.txt
2014-08-01 12:54 - 2014-08-01 15:56 - 00028834 _____ () C:\Users\Acer\Downloads\FRST.txt
2014-08-01 12:54 - 2014-08-01 15:55 - 00000000 ____D () C:\FRST
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\Users\Acer\Documents\Lightshot
2014-08-01 12:46 - 2014-08-01 12:50 - 00000400 _____ () C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job
2014-08-01 12:46 - 2014-08-01 12:46 - 02273984 _____ (Skillbrains ) C:\Users\Acer\Downloads\setup-lightshot.exe
2014-08-01 12:46 - 2014-08-01 12:46 - 00003246 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002
2014-08-01 12:46 - 2014-08-01 12:46 - 00000434 _____ () C:\Users\Acer\AppData\Local\UserProducts.xml
2014-08-01 12:46 - 2014-08-01 12:46 - 00000003 _____ () C:\Users\Acer\AppData\Local\updater.log
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-08-01 12:40 - 2014-08-01 12:40 - 00019968 _____ () C:\Users\Acer\Desktop\gmer.txt
2014-08-01 12:16 - 2014-08-01 12:16 - 00380416 _____ () C:\Users\Acer\Downloads\Gmer-19357.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00050477 _____ () C:\Users\Acer\Desktop\Defogger.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00000470 _____ () C:\Users\Acer\Desktop\defogger_disable.log
2014-08-01 12:15 - 2014-08-01 12:15 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-01 12:08 - 2014-08-01 12:08 - 02094080 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2014-07-31 15:59 - 2014-07-31 15:59 - 187850512 _____ () C:\Users\Acer\Desktop\LP2.mp4
2014-07-31 12:21 - 2014-07-31 12:22 - 374774656 _____ () C:\Users\Acer\Desktop\csgo 2014-07-31 12-21-48-30.avi
2014-07-30 16:38 - 2014-07-30 16:38 - 119320085 _____ () C:\Users\Acer\Desktop\Untitled.mp4
2014-07-30 15:58 - 2014-07-30 15:58 - 00027591 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2014-07-29 18:31 - 2014-07-29 18:31 - 00000000 ____D () C:\Users\Acer\Desktop\Foto-Bestellung
2014-07-29 17:09 - 2014-07-29 17:09 - 182460392 _____ () C:\Users\Acer\Desktop\lp1.mp4
2014-07-29 15:58 - 2014-07-29 15:59 - 130299481 _____ () C:\Users\Acer\Desktop\CC.mp4
2014-07-28 19:24 - 2014-07-30 15:58 - 00000000 ____D () C:\Users\Acer\Desktop\Clash
2014-07-28 17:23 - 2014-07-28 17:23 - 00001860 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-07-28 17:23 - 2014-07-28 17:23 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\Bluestacks
2014-07-28 17:15 - 2014-07-28 18:12 - 00000020 _____ () C:\Windows\capsys184523.log
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Local\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Action!
2014-07-27 17:58 - 2014-07-27 17:58 - 00000295 _____ () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (3).lnk
2014-07-26 19:08 - 2014-07-26 19:09 - 00000000 ____D () C:\Users\Acer\AppData\Local\QQSM
2014-07-26 19:07 - 2014-07-26 19:07 - 00001035 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-26 19:07 - 2014-07-26 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-26 18:56 - 2014-07-26 19:07 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-07-26 16:21 - 2014-07-26 19:08 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-26 16:21 - 2014-07-26 18:55 - 00000000 ____D () C:\Users\Acer\Desktop\Hazard Ops Download
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\java
2014-07-23 18:35 - 2014-07-23 18:34 - 00321448 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 18:06 - 2014-07-30 18:21 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\.minecraft
2014-07-23 18:03 - 2014-07-23 18:03 - 00675988 _____ () C:\Users\Acer\Desktop\Minecraft.exe
2014-07-02 14:40 - 2014-07-28 17:43 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 15:56 - 2014-08-01 12:54 - 00028834 _____ () C:\Users\Acer\Downloads\FRST.txt
2014-08-01 15:55 - 2014-08-01 12:54 - 00000000 ____D () C:\FRST
2014-08-01 15:55 - 2013-06-27 13:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 15:54 - 2014-08-01 15:54 - 00001703 _____ () C:\Users\Acer\Desktop\mbam.txt
2014-08-01 15:34 - 2013-06-02 18:12 - 01813229 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:34 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-01 15:33 - 2014-08-01 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 15:33 - 2014-08-01 15:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2013-12-03 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:32 - 2014-08-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-01 15:32 - 2013-08-07 15:27 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-08-01 15:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-01 15:30 - 2013-10-08 13:15 - 00000000 __RSD () C:\Users\Acer\Documents\McAfee-Tresore
2014-08-01 15:27 - 2013-06-27 13:27 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 15:26 - 2012-10-25 05:55 - 00176538 _____ () C:\Windows\PFRO.log
2014-08-01 15:26 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 15:24 - 2014-08-01 15:23 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:20 - 2014-08-01 15:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 15:19 - 2014-08-01 15:18 - 01361309 _____ () C:\Users\Acer\Desktop\adwcleaner_3.302.exe
2014-08-01 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 14:45 - 2014-08-01 14:45 - 00032983 _____ () C:\ComboFix.txt
2014-08-01 14:45 - 2014-08-01 14:35 - 00000000 ____D () C:\Qoobox
2014-08-01 14:45 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-08-01 14:44 - 2014-08-01 14:34 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 14:44 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 14:34 - 2014-08-01 14:34 - 05567414 ____R () C:\Users\Acer\Downloads\ComboFix.exe
2014-08-01 12:55 - 2014-08-01 12:55 - 00045373 _____ () C:\Users\Acer\Downloads\Addition.txt
2014-08-01 12:50 - 2014-08-01 12:46 - 00000400 _____ () C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\Users\Acer\Documents\Lightshot
2014-08-01 12:47 - 2013-06-08 15:46 - 05718016 ___SH () C:\Users\Acer\Desktop\Thumbs.db
2014-08-01 12:46 - 2014-08-01 12:46 - 02273984 _____ (Skillbrains ) C:\Users\Acer\Downloads\setup-lightshot.exe
2014-08-01 12:46 - 2014-08-01 12:46 - 00003246 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002
2014-08-01 12:46 - 2014-08-01 12:46 - 00000434 _____ () C:\Users\Acer\AppData\Local\UserProducts.xml
2014-08-01 12:46 - 2014-08-01 12:46 - 00000003 _____ () C:\Users\Acer\AppData\Local\updater.log
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-08-01 12:40 - 2014-08-01 12:40 - 00019968 _____ () C:\Users\Acer\Desktop\gmer.txt
2014-08-01 12:16 - 2014-08-01 12:16 - 00380416 _____ () C:\Users\Acer\Downloads\Gmer-19357.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00050477 _____ () C:\Users\Acer\Desktop\Defogger.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00000470 _____ () C:\Users\Acer\Desktop\defogger_disable.log
2014-08-01 12:15 - 2014-08-01 12:15 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-01 12:15 - 2013-06-02 18:12 - 00000000 ____D () C:\Users\Acer
2014-08-01 12:08 - 2014-08-01 12:08 - 02094080 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2014-08-01 11:26 - 2014-03-18 17:28 - 05036472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-01 11:26 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-01 10:42 - 2013-06-05 18:48 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-08-01 10:39 - 2013-06-22 13:06 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe
2014-07-31 19:56 - 2013-06-06 15:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-31 15:59 - 2014-07-31 15:59 - 187850512 _____ () C:\Users\Acer\Desktop\LP2.mp4
2014-07-31 15:56 - 2013-06-02 18:37 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-07-31 12:22 - 2014-07-31 12:21 - 374774656 _____ () C:\Users\Acer\Desktop\csgo 2014-07-31 12-21-48-30.avi
2014-07-30 18:21 - 2014-07-23 18:06 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\.minecraft
2014-07-30 16:38 - 2014-07-30 16:38 - 119320085 _____ () C:\Users\Acer\Desktop\Untitled.mp4
2014-07-30 16:00 - 2013-08-27 12:09 - 00000000 ____D () C:\Users\Acer\.gimp-2.8
2014-07-30 15:58 - 2014-07-30 15:58 - 00027591 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2014-07-30 15:58 - 2014-07-28 19:24 - 00000000 ____D () C:\Users\Acer\Desktop\Clash
2014-07-30 15:58 - 2013-08-28 10:55 - 00000000 ____D () C:\Users\Acer\AppData\Local\gtk-2.0
2014-07-29 19:54 - 2012-11-29 07:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-07-29 19:54 - 2012-11-29 07:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-07-29 19:54 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-29 18:32 - 2012-07-26 09:21 - 00054262 _____ () C:\Windows\setupact.log
2014-07-29 18:31 - 2014-07-29 18:31 - 00000000 ____D () C:\Users\Acer\Desktop\Foto-Bestellung
2014-07-29 17:09 - 2014-07-29 17:09 - 182460392 _____ () C:\Users\Acer\Desktop\lp1.mp4
2014-07-29 15:59 - 2014-07-29 15:58 - 130299481 _____ () C:\Users\Acer\Desktop\CC.mp4
2014-07-28 18:12 - 2014-07-28 17:15 - 00000020 _____ () C:\Windows\capsys184523.log
2014-07-28 17:43 - 2014-07-02 14:40 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-28 17:23 - 2014-07-28 17:23 - 00001860 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-07-28 17:23 - 2014-07-28 17:23 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-07-28 17:23 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\Bluestacks
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Local\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Action!
2014-07-28 15:34 - 2012-10-25 06:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-27 19:05 - 2013-06-02 18:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3123453034-4028823714-348128312-1002
2014-07-27 17:58 - 2014-07-27 17:58 - 00000295 _____ () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (3).lnk
2014-07-27 17:46 - 2014-05-16 19:47 - 00000000 ____D () C:\Users\Acer\Desktop\YoutubeDownload
2014-07-27 15:25 - 2014-05-17 16:37 - 00000000 ____D () C:\Users\Acer\Desktop\Videos - ungerendert
2014-07-27 15:00 - 2013-06-08 15:32 - 00000000 ____D () C:\Fraps
2014-07-27 12:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 19:09 - 2014-07-26 19:08 - 00000000 ____D () C:\Users\Acer\AppData\Local\QQSM
2014-07-26 19:08 - 2014-07-26 16:21 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-26 19:07 - 2014-07-26 19:07 - 00001035 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-26 19:07 - 2014-07-26 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-26 19:07 - 2014-07-26 18:56 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-07-26 18:55 - 2014-07-26 16:21 - 00000000 ____D () C:\Users\Acer\Desktop\Hazard Ops Download
2014-07-26 15:13 - 2013-06-08 16:05 - 00000000 ____D () C:\Users\Acer\AppData\Local\Windows Live
2014-07-26 15:11 - 2012-10-25 06:32 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-07-26 15:07 - 2012-10-25 06:32 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2014-07-26 15:05 - 2012-10-25 06:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-25 11:05 - 2013-11-09 15:59 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Spotify
2014-07-25 10:38 - 2012-10-25 06:29 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-07-25 10:37 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\java
2014-07-23 18:37 - 2013-11-09 15:59 - 00000000 ____D () C:\Users\Acer\AppData\Local\Spotify
2014-07-23 18:34 - 2014-07-23 18:35 - 00321448 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 18:34 - 2014-05-16 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-23 18:34 - 2014-04-22 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 18:34 - 2013-06-07 18:01 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-23 18:34 - 2013-06-07 18:01 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-23 18:34 - 2013-06-07 18:01 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-23 18:34 - 2013-06-07 18:00 - 00000000 ____D () C:\Program Files\Java
2014-07-23 18:03 - 2014-07-23 18:03 - 00675988 _____ () C:\Users\Acer\Desktop\Minecraft.exe
2014-07-10 13:17 - 2013-09-22 19:44 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\TS3Client
2014-07-08 17:04 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI

Files to move or delete:
====================
C:\Users\Acer\jagex_cl_runescape_LIVE.dat
C:\Users\Acer\random.dat


Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-22 19:43

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Acer at 2014-08-01 15:56:43
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.0.0.181 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Combat (HKLM-x32\...\Steam App 212370) (Version:  - Battery Studio)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audacity Bundle by Fileparade.com (HKLM-x32\...\Audacity Bundle by Fileparade.com) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Build and Shoot Launcher 1.1 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.1 - Buld Then Snip, LLC)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.0.0.0 - devolo AG)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Euro Truck Simulator 2 Demo (HKLM-x32\...\Steam App 231120) (Version:  - SCS Software)
FileZilla Client 3.7.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Free Video to Flash Converter version 5.0.25.610 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.25.610 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.25.610 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.25.610 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.8.717 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.8.717 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.1 - Ellora Assets Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.2.0.2042 - Infernum Productions AG)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.7 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.6.2000 - Maxthon International Limited)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MotoGP™13 Demo (HKLM-x32\...\Steam App 243820) (Version:  - Milestone S.r.l.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokemon Online 2.3.0 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version:  - Dreambelievers)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version:  - Roccat GmbH)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TI-Nspire(TM) CAS Student Software (HKLM-x32\...\{E8CC9064-8382-4D5C-9E55-F88D9541FFC0}) (Version: 3.2.0.1219 - Texas Instruments Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.17 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{4BC33FAB-4249-44D7-88A3-22682C577EE3}) (Version: 1.3.1310.1103 - SplitMediaLabs)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-07-2014 11:30:49 Geplanter Prüfpunkt
22-07-2014 17:47:10 Geplanter Prüfpunkt
26-07-2014 13:02:21 Konfiguriert MediaEspresso
27-07-2014 15:43:05 Removed BlueStacks Notification Center
01-08-2014 10:07:57 Removed Camtasia Studio 8

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2014-08-01 14:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1374B489-39EC-4BA9-BE12-9DCFBE284FF5} - System32\Tasks\{7DB51D54-7340-4D9C-B8C2-98EC221A65CF} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BB228C1-5DAD-465B-9C57-78681F1880D3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {1C56FD5E-D85C-41E5-9224-C897114D1757} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {260E584D-B1F8-4579-84CF-F51FC00AA7E6} - System32\Tasks\{C59678A3-9AB9-496D-865B-6F398E1DEC86} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {26F72A6D-3F73-49B0-8B99-5E273B515A50} - System32\Tasks\{1D234A3F-0A38-4D93-83F8-F950A7A977AD} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {2BBDF949-171E-47C1-A55C-A8292D1AE47A} - System32\Tasks\{68F5A7AF-B70A-4DE7-85B1-21BCE0133032} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {44A55202-E24E-402B-B96C-9F2B7C906C9B} - System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {52EF4DF8-76E9-4CC4-AA1D-F6AE1AB61497} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {7F6C71C4-B065-4130-9449-170A55255CC5} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {93347DF4-5F18-4248-AEE6-D871894B8294} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A9B3D63B-DE1C-4886-917E-D58A3BA32ADB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27] (Google Inc.)
Task: {AF9CD05D-B25C-4EC7-B86D-8C27BAAC3146} - System32\Tasks\AdobeAAMUpdater-1.0-SibTop-Acer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {B1D35763-18E8-4151-8F73-7626C0DBD09D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {B8E9693A-7C3B-46D6-8BD2-3C064F6F956C} - System32\Tasks\{D56270AE-F972-4A9B-AC8D-607AF94A4925} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {C53BD627-907F-46DC-8AC1-12B1F018D8DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EACCC4AB-96B2-42EA-8EEE-1335F0E399BC} - System32\Tasks\{FEFAFBD3-E9E9-442A-BF1C-1A8745FEB34C} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {EBB5E046-98AD-4CAE-ACD7-CF3AC4482B1E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FBA71317-EB0D-4719-A075-715EE0EA0F86} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2014-04-22 17:10 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-22 17:19 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-11 23:58 - 2013-06-11 23:58 - 03316080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-29 07:33 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-06-11 23:58 - 2013-06-11 23:58 - 04513648 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-08-30 06:40 - 2012-08-30 06:40 - 03331216 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-06-13 22:11 - 2013-06-13 22:11 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-03-26 17:27 - 2012-06-23 15:54 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-06-11 23:57 - 2013-06-11 23:57 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2013-06-27 22:12 - 2013-06-27 22:12 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-04-22 17:10 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2012-11-28 22:42 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Acer\AppData\Local\Temporary Internet Files:BQvlh9x4TJm7wCjTHxVXKY3j
AlternateDataStreams: C:\Users\Acer\AppData\Local\Temporary Internet Files:Sqy0f8GJCFuB9poCX4gmtpk7NDcbYX

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrcmCardReader => 2
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RfButtonDriverService => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "EADM"
HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 11:30:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (07/31/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x2f8
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 03:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1df8
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 03:03:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HD-Frontend.exe, Version 0.8.12.3119 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f2c

Startzeit: 01cfacbfc4baf785

Endzeit: 12

Anwendungspfad: C:\Program Files (x86)\BlueStacks\HD-Frontend.exe

Berichts-ID: 0d675112-18b3-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/31/2014 11:23:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 10:11:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_wcncsvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005af58
ID des fehlerhaften Prozesses: 0x1818
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_wcncsvc0
Pfad der fehlerhaften Anwendung: svchost.exe_wcncsvc1
Pfad des fehlerhaften Moduls: svchost.exe_wcncsvc2
Berichtskennung: svchost.exe_wcncsvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_wcncsvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_wcncsvc5

Error: (07/30/2014 04:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1914
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/29/2014 05:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1100

Startzeit: 01cfab3f1294a66a

Endzeit: 2

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 5d2f4374-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/29/2014 05:09:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17bc

Startzeit: 01cfab3ecd1d7d0a

Endzeit: 25

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 46cf0ec0-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/29/2014 05:07:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11dc

Startzeit: 01cfab3ea1a9bacb

Endzeit: 24

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 05be1b7c-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:48 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:48 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:48 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (08/01/2014 11:30:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (07/31/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f222f801cfacc7102de848C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll82d7ee31-18ba-11e4-beb7-b888e3da3fac

Error: (07/31/2014 03:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f221df801cfacc5f2995ad2C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll698e8686-18b9-11e4-beb7-b888e3da3fac

Error: (07/31/2014 03:03:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HD-Frontend.exe0.8.12.3119f2c01cfacbfc4baf78512C:\Program Files (x86)\BlueStacks\HD-Frontend.exe0d675112-18b3-11e4-beb7-b888e3da3fac

Error: (07/31/2014 11:23:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f2212dc01cfaca02eb1cc16C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll53b2f45d-1894-11e4-beb7-b888e3da3fac

Error: (07/31/2014 10:11:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_wcncsvc6.2.9200.16420505a9a4entdll.dll6.2.9200.1657951637f77c0000005000000000005af58181801cfab09ca39d86dC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll34d7e11b-188a-11e4-beb7-b888e3da3fac

Error: (07/30/2014 04:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f22191401cfac00ac7bbe35C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll9704f30c-17f5-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.0110001cfab3f1294a66a2C:\Program Files\GIMP 2\bin\gimp-2.8.exe5d2f4374-1732-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:09:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.017bc01cfab3ecd1d7d0a25C:\Program Files\GIMP 2\bin\gimp-2.8.exe46cf0ec0-1732-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:07:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.011dc01cfab3ea1a9bacb24C:\Program Files\GIMP 2\bin\gimp-2.8.exe05be1b7c-1732-11e4-beb7-b888e3da3fac


CodeIntegrity Errors:
===================================
  Date: 2014-08-01 14:43:28.320
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 8007.27 MB
Available physical RAM: 4415.72 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 4797.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:251.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 28EF967C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

01.08.2014, 20:02   #8
M-K-D-B
/// TB Instructor
 



Step 1
Please disable your antivirus program, as it can affect the result or possibly interfere with the cleanup.
Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file on your desktop.
  • Start Zoek.exe with a double-click.
  • Warning: The following script was written only for this specific case and could damage other computers.
  • Copy the text of the following box into the script window of zoek:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;

  • Now click "Run script" and be patient until the script has finished.
  • When the tool has finished, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:\ .
  • Please post the ZOEK log (preferably in CODE tags: click the # symbol in the reply window).







Step 2
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
start
Task: {44A55202-E24E-402B-B96C-9F2B7C906C9B} - System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\Skillbrains
Reboot:
end

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents.






Step 3
Download the appropriate version of SystemLook from the following mirror and save the tool on the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the text field of the tool:

    Code:
    :filefind
    *Skillbrains*

    :folderfind
    *Skillbrains*

    :regfind
    Skillbrains

  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.






Step 4
  • Start FRST.exe again. Tick the box next to Addition and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





With your next reply, please post
  • the log file from Zoek,
  • the log file of the FRST fix,
  • the log file from SystemLook,
  • the two new log files from FRST.
__________________
Greetings from Bavaria
M-K-D-B
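
As an added example that is not part of the original post: after a fixlist has removed a program's scheduled tasks and folder, a fresh FRST scan can still list autostart entries that point into the removed path. The Python code below parses the Run, Task and ShortcutTarget line shapes seen in this thread's FRST logs and reports the entries that mention a search term, similar to the SystemLook regfind in step 3; the sample log lines, the SID and the function names are constructed for illustration.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "run", "task" or "startup"
    name: str    # registry value name, task path or shortcut name
    target: str  # everything FRST printed after the arrow


# Line shapes taken from the FRST logs in this thread (assumed stable for this
# example; other FRST versions may print them differently).
PATTERNS = [
    # HKLM\...\Run: [Name] => C:\path\file.exe [size date] (vendor)
    ("run", re.compile(
        r"^.+?\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")),
    # Task: {GUID} - System32\Tasks\name => C:\path\file.exe
    # Task: C:\Windows\Tasks\name.job => C:\path\file.exe
    ("task", re.compile(
        r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<target>.*)$")),
    # ShortcutTarget: name.lnk -> C:\path\file.exe (vendor)
    ("startup", re.compile(
        r"^ShortcutTarget: (?P<name>.+?) -> (?P<target>.*)$")),
]


def parse_autostarts(log_text: str) -> List[Finding]:
    """Return every Run, Task and ShortcutTarget entry found in a FRST log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                entries.append(Finding(kind, match["name"], match["target"]))
                break
    return entries


def find_leftovers(log_text: str, term: str) -> List[Finding]:
    """Return autostart entries whose name or target mentions `term`."""
    needle = term.lower()
    return [
        entry for entry in parse_autostarts(log_text)
        if needle in entry.name.lower() or needle in entry.target.lower()
    ]


# Constructed sample input in FRST's line format (not copied from a real scan).
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleAudio] => C:\Program Files\ExampleAudio\tray.exe [12345 2012-06-11] (Example Vendor)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [LightShot] => C:\Users\User\AppData\Local\Skillbrains\lightshot\Lightshot.exe
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\update-example => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\example.job => C:\Program Files\ExampleVendor\update.exe
ShortcutTarget: Example Tray.lnk -> C:\Program Files (x86)\Example\Tray.exe (Example Vendor)
"""

if __name__ == "__main__":
    for hit in find_leftovers(SAMPLE_LOG, "Skillbrains"):
        print(f"{hit.kind:8} {hit.name} => {hit.target}")
```

Any hit in a scan taken after the fix is an entry to review for the next fixlist or to remove by uninstalling the program it belongs to.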


02.08.2014, 11:28   #9
Mappin
 



Zoek:
Code:
Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by Acer on 02.08.2014 at 11:57:34,19.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Acer\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

02.08.2014 12:01:09 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110311341126} deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{2BE8C041-54BF-445F-9D98-45FE9AC3522F} Bing  Url="hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox"
{96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E} Yahoo  Url="hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}"
{B05A6E20-A422-4BF3-A46F-0AADB29EBCC3} Ask Search Url="hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=973AD222-32B8-4BEC-81D3-D600A21B23F7&apn_sauid=69B4F2A5-350D-48AC-A85C-0EBF5EA44F4B"
{BC49B688-265C-45BD-8A3F-F778A308CB32} Sichere Suche Url="hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}"
{CAB5592E-CC92-436E-A6E9-54E071E9E406} Unknown  Url="Not_Found"
{DECA3892-BA8F-44b8-A993-A466AD694AE4} Yahoo! Suche Url="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv"

==== Reset Google Chrome ======================

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 02.08.2014 at 12:01:42,64 ======================
         
Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Acer at 2014-08-02 12:07:01 Run:2
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {44A55202-E24E-402B-B96C-9F2B7C906C9B} - System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\Skillbrains
Reboot:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44A55202-E24E-402B-B96C-9F2B7C906C9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44A55202-E24E-402B-B96C-9F2B7C906C9B}" => Key deleted successfully.
C:\Windows\System32\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-3123453034-4028823714-348128312-1002" => Key deleted successfully.
C:\Windows\Tasks\update-S-1-5-21-3123453034-4028823714-348128312-1002.job => Moved successfully.
"C:\Program Files (x86)\Skillbrains" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====
         
SystemLook:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:15 on 02/08/2014 by Acer
Administrator - Elevation successful

========== filefind ==========

Searching for "*Skillbrains*"
No files found.

========== folderfind ==========

Searching for "*Skillbrains*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Skillbrains	d------	[13:24 01/08/2014]
C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Skillbrains	d------	[13:24 01/08/2014]

========== regfind ==========

Searching for "Skillbrains"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="C:\Users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"
[HKEY_USERS\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="C:\Users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"

-= EOF =-
         
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Acer (administrator) on SIBTOP on 02-08-2014 12:24:40
Running from C:\Users\Acer\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Acer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsMap.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-11-28] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-06-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2013-10-23] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Spotify Web Helper] => C:\Users\Acer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-17] (Electronic Arts)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [LightShot] => C:\Users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {B05A6E20-A422-4BF3-A46F-0AADB29EBCC3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=973AD222-32B8-4BEC-81D3-D600A21B23F7&apn_sauid=69B4F2A5-350D-48AC-A85C-0EBF5EA44F4B
SearchScopes: HKCU - {BC49B688-265C-45BD-8A3F-F778A308CB32} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}
SearchScopes: HKCU - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-10-25]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-27]
CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-27]
CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-27]
CHR Extension: (Google-Suche) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-27]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Google Mail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S4 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [4113400 2013-02-04] (devolo AG)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-10-19] (ELAN Microelectronics Corp.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake) [File not signed]
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-09-11] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-11-28] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-09-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-11] (Intel Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-09-07] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-28] (Dritek System Inc.)
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 12:15 - 2014-08-02 12:22 - 00001810 _____ () C:\Users\Acer\Desktop\SystemLook.txt
2014-08-02 12:14 - 2014-08-02 12:14 - 00165376 _____ () C:\Users\Acer\Downloads\SystemLook_x64.exe
2014-08-02 12:14 - 2014-08-02 12:14 - 00165376 _____ () C:\Users\Acer\Desktop\SystemLook_x64.exe
2014-08-02 12:14 - 2014-08-02 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-02 12:08 - 2014-08-02 12:08 - 05036472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-02 12:01 - 2014-08-02 12:01 - 00003583 _____ () C:\zoek-results.log
2014-08-02 11:57 - 2014-08-02 11:57 - 00000000 ____D () C:\zoek_backup
2014-08-02 10:47 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 10:47 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 16:06 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-01 16:06 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-01 16:06 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-01 16:06 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-08-01 16:06 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-08-01 16:06 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-08-01 16:06 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-01 16:06 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-08-01 16:05 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-01 16:05 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-01 16:05 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-01 16:05 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-01 16:05 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-01 16:05 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-01 16:05 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-01 16:05 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-01 16:05 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-01 16:05 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-01 16:05 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-01 16:05 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-01 16:05 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-01 16:05 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-01 16:05 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-01 16:05 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-01 16:05 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-01 16:05 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-01 16:05 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-01 16:05 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-01 16:05 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-01 16:05 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-01 16:04 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-01 16:04 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-01 16:04 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-01 15:33 - 2014-08-01 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 15:33 - 2014-08-01 15:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 15:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 15:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 15:32 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 15:32 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 15:32 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 15:32 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 15:32 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 15:32 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 15:32 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-01 15:32 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-01 15:32 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 15:31 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 15:31 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 15:31 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 15:31 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 15:23 - 2014-08-01 15:24 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:18 - 2014-08-01 15:19 - 01361309 _____ () C:\Users\Acer\Desktop\adwcleaner_3.302.exe
2014-08-01 14:45 - 2014-08-01 14:45 - 00032983 _____ () C:\ComboFix.txt
2014-08-01 14:35 - 2014-08-01 14:45 - 00000000 ____D () C:\Qoobox
2014-08-01 14:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 14:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 14:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 14:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-01 14:34 - 2014-08-01 14:44 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 12:55 - 2014-08-01 15:57 - 00044814 _____ () C:\Users\Acer\Downloads\Addition.txt
2014-08-01 12:54 - 2014-08-02 12:25 - 00025778 _____ () C:\Users\Acer\Downloads\FRST.txt
2014-08-01 12:54 - 2014-08-02 12:24 - 00000000 ____D () C:\FRST
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\Users\Acer\Documents\Lightshot
2014-08-01 12:46 - 2014-08-01 12:46 - 02273984 _____ (Skillbrains ) C:\Users\Acer\Downloads\setup-lightshot.exe
2014-08-01 12:46 - 2014-08-01 12:46 - 00000434 _____ () C:\Users\Acer\AppData\Local\UserProducts.xml
2014-08-01 12:46 - 2014-08-01 12:46 - 00000003 _____ () C:\Users\Acer\AppData\Local\updater.log
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-08-01 12:16 - 2014-08-01 12:16 - 00380416 _____ () C:\Users\Acer\Downloads\Gmer-19357.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00050477 _____ () C:\Users\Acer\Desktop\Defogger.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-01 12:08 - 2014-08-01 12:08 - 02094080 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2014-07-31 15:59 - 2014-07-31 15:59 - 187850512 _____ () C:\Users\Acer\Desktop\LP2.mp4
2014-07-31 12:21 - 2014-07-31 12:22 - 374774656 _____ () C:\Users\Acer\Desktop\csgo 2014-07-31 12-21-48-30.avi
2014-07-30 16:38 - 2014-07-30 16:38 - 119320085 _____ () C:\Users\Acer\Desktop\Untitled.mp4
2014-07-30 15:58 - 2014-07-30 15:58 - 00027591 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2014-07-29 18:31 - 2014-07-29 18:31 - 00000000 ____D () C:\Users\Acer\Desktop\Foto-Bestellung
2014-07-29 17:09 - 2014-07-29 17:09 - 182460392 _____ () C:\Users\Acer\Desktop\lp1.mp4
2014-07-29 15:58 - 2014-07-29 15:59 - 130299481 _____ () C:\Users\Acer\Desktop\CC.mp4
2014-07-28 19:24 - 2014-07-30 15:58 - 00000000 ____D () C:\Users\Acer\Desktop\Clash
2014-07-28 17:23 - 2014-07-28 17:23 - 00001860 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-07-28 17:23 - 2014-07-28 17:23 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\Bluestacks
2014-07-28 17:15 - 2014-07-28 18:12 - 00000020 _____ () C:\Windows\capsys184523.log
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Local\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Action!
2014-07-27 17:58 - 2014-07-27 17:58 - 00000295 _____ () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (3).lnk
2014-07-26 19:08 - 2014-07-26 19:09 - 00000000 ____D () C:\Users\Acer\AppData\Local\QQSM
2014-07-26 19:07 - 2014-07-26 19:07 - 00001035 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-26 19:07 - 2014-07-26 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-26 18:56 - 2014-07-26 19:07 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-07-26 16:21 - 2014-07-26 19:08 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-26 16:21 - 2014-07-26 18:55 - 00000000 ____D () C:\Users\Acer\Desktop\Hazard Ops Download
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\java
2014-07-23 18:35 - 2014-07-23 18:34 - 00321448 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 18:06 - 2014-08-01 19:55 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\.minecraft
2014-07-23 18:03 - 2014-07-23 18:03 - 00675988 _____ () C:\Users\Acer\Desktop\Minecraft.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 12:25 - 2014-08-01 12:54 - 00025778 _____ () C:\Users\Acer\Downloads\FRST.txt
2014-08-02 12:24 - 2014-08-01 12:54 - 00000000 ____D () C:\FRST
2014-08-02 12:22 - 2014-08-02 12:15 - 00001810 _____ () C:\Users\Acer\Desktop\SystemLook.txt
2014-08-02 12:19 - 2013-06-02 18:12 - 01052619 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 12:14 - 2014-08-02 12:14 - 00165376 _____ () C:\Users\Acer\Downloads\SystemLook_x64.exe
2014-08-02 12:14 - 2014-08-02 12:14 - 00165376 _____ () C:\Users\Acer\Desktop\SystemLook_x64.exe
2014-08-02 12:14 - 2014-08-02 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-02 12:14 - 2013-08-07 15:27 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-08-02 12:12 - 2013-10-08 13:15 - 00000000 __RSD () C:\Users\Acer\Documents\McAfee-Tresore
2014-08-02 12:09 - 2013-06-27 13:27 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 12:08 - 2014-08-02 12:08 - 05036472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-02 12:08 - 2012-10-25 05:55 - 00177996 _____ () C:\Windows\PFRO.log
2014-08-02 12:08 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 12:07 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-02 12:01 - 2014-08-02 12:01 - 00003583 _____ () C:\zoek-results.log
2014-08-02 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-02 11:57 - 2014-08-02 11:57 - 00000000 ____D () C:\zoek_backup
2014-08-02 11:57 - 2013-06-05 18:48 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-08-02 11:55 - 2013-06-27 13:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 10:45 - 2014-04-12 16:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-02 10:45 - 2014-04-12 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-02 10:42 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-02 10:42 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-02 10:42 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-02 10:42 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-02 10:25 - 2013-06-08 15:46 - 05718528 ___SH () C:\Users\Acer\Desktop\Thumbs.db
2014-08-02 10:12 - 2013-06-22 13:06 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe
2014-08-01 19:55 - 2014-07-23 18:06 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\.minecraft
2014-08-01 19:11 - 2013-08-20 08:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-01 19:10 - 2013-06-03 19:24 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-01 19:10 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-01 19:08 - 2014-04-12 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-01 18:26 - 2013-06-06 15:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-01 16:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-01 15:57 - 2014-08-01 12:55 - 00044814 _____ () C:\Users\Acer\Downloads\Addition.txt
2014-08-01 15:33 - 2014-08-01 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 15:33 - 2014-08-01 15:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2014-08-01 15:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 15:33 - 2013-12-03 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:24 - 2014-08-01 15:23 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:19 - 2014-08-01 15:18 - 01361309 _____ () C:\Users\Acer\Desktop\adwcleaner_3.302.exe
2014-08-01 14:45 - 2014-08-01 14:45 - 00032983 _____ () C:\ComboFix.txt
2014-08-01 14:45 - 2014-08-01 14:35 - 00000000 ____D () C:\Qoobox
2014-08-01 14:45 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-08-01 14:44 - 2014-08-01 14:34 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 14:44 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\Users\Acer\Documents\Lightshot
2014-08-01 12:46 - 2014-08-01 12:46 - 02273984 _____ (Skillbrains ) C:\Users\Acer\Downloads\setup-lightshot.exe
2014-08-01 12:46 - 2014-08-01 12:46 - 00000434 _____ () C:\Users\Acer\AppData\Local\UserProducts.xml
2014-08-01 12:46 - 2014-08-01 12:46 - 00000003 _____ () C:\Users\Acer\AppData\Local\updater.log
2014-08-01 12:46 - 2014-08-01 12:46 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-08-01 12:16 - 2014-08-01 12:16 - 00380416 _____ () C:\Users\Acer\Downloads\Gmer-19357.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00050477 _____ () C:\Users\Acer\Desktop\Defogger.exe
2014-08-01 12:15 - 2014-08-01 12:15 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-01 12:15 - 2013-06-02 18:12 - 00000000 ____D () C:\Users\Acer
2014-08-01 12:08 - 2014-08-01 12:08 - 02094080 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2014-07-31 15:59 - 2014-07-31 15:59 - 187850512 _____ () C:\Users\Acer\Desktop\LP2.mp4
2014-07-31 15:56 - 2013-06-02 18:37 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-07-31 12:22 - 2014-07-31 12:21 - 374774656 _____ () C:\Users\Acer\Desktop\csgo 2014-07-31 12-21-48-30.avi
2014-07-30 16:38 - 2014-07-30 16:38 - 119320085 _____ () C:\Users\Acer\Desktop\Untitled.mp4
2014-07-30 16:00 - 2013-08-27 12:09 - 00000000 ____D () C:\Users\Acer\.gimp-2.8
2014-07-30 15:58 - 2014-07-30 15:58 - 00027591 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2014-07-30 15:58 - 2014-07-28 19:24 - 00000000 ____D () C:\Users\Acer\Desktop\Clash
2014-07-30 15:58 - 2013-08-28 10:55 - 00000000 ____D () C:\Users\Acer\AppData\Local\gtk-2.0
2014-07-29 19:54 - 2012-11-29 07:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-07-29 19:54 - 2012-11-29 07:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-07-29 19:54 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-29 18:32 - 2012-07-26 09:21 - 00054262 _____ () C:\Windows\setupact.log
2014-07-29 18:31 - 2014-07-29 18:31 - 00000000 ____D () C:\Users\Acer\Desktop\Foto-Bestellung
2014-07-29 17:09 - 2014-07-29 17:09 - 182460392 _____ () C:\Users\Acer\Desktop\lp1.mp4
2014-07-29 15:59 - 2014-07-29 15:58 - 130299481 _____ () C:\Users\Acer\Desktop\CC.mp4
2014-07-28 18:12 - 2014-07-28 17:15 - 00000020 _____ () C:\Windows\capsys184523.log
2014-07-28 17:43 - 2014-07-02 14:40 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-28 17:23 - 2014-07-28 17:23 - 00001860 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-07-28 17:23 - 2014-07-28 17:23 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-07-28 17:23 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-28 17:22 - 2014-07-28 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\Bluestacks
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Users\Acer\AppData\Local\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Action!
2014-07-28 15:34 - 2012-10-25 06:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-27 19:05 - 2013-06-02 18:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3123453034-4028823714-348128312-1002
2014-07-27 17:58 - 2014-07-27 17:58 - 00000295 _____ () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (3).lnk
2014-07-27 17:46 - 2014-05-16 19:47 - 00000000 ____D () C:\Users\Acer\Desktop\YoutubeDownload
2014-07-27 15:25 - 2014-05-17 16:37 - 00000000 ____D () C:\Users\Acer\Desktop\Videos - ungerendert
2014-07-27 15:00 - 2013-06-08 15:32 - 00000000 ____D () C:\Fraps
2014-07-27 12:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 19:09 - 2014-07-26 19:08 - 00000000 ____D () C:\Users\Acer\AppData\Local\QQSM
2014-07-26 19:08 - 2014-07-26 16:21 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-26 19:07 - 2014-07-26 19:07 - 00001035 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-26 19:07 - 2014-07-26 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-26 19:07 - 2014-07-26 18:56 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-07-26 18:55 - 2014-07-26 16:21 - 00000000 ____D () C:\Users\Acer\Desktop\Hazard Ops Download
2014-07-26 15:13 - 2013-06-08 16:05 - 00000000 ____D () C:\Users\Acer\AppData\Local\Windows Live
2014-07-26 15:11 - 2012-10-25 06:32 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-07-26 15:07 - 2012-10-25 06:32 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2014-07-26 15:05 - 2012-10-25 06:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-25 11:05 - 2013-11-09 15:59 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Spotify
2014-07-25 10:38 - 2012-10-25 06:29 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-07-25 10:37 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\java
2014-07-23 18:37 - 2013-11-09 15:59 - 00000000 ____D () C:\Users\Acer\AppData\Local\Spotify
2014-07-23 18:34 - 2014-07-23 18:35 - 00321448 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 18:34 - 2014-05-16 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-23 18:34 - 2014-04-22 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 18:34 - 2013-06-07 18:01 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-23 18:34 - 2013-06-07 18:01 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-23 18:34 - 2013-06-07 18:01 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-23 18:34 - 2013-06-07 18:00 - 00000000 ____D () C:\Program Files\Java
2014-07-23 18:03 - 2014-07-23 18:03 - 00675988 _____ () C:\Users\Acer\Desktop\Minecraft.exe
2014-07-10 13:17 - 2013-09-22 19:44 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\TS3Client

Files to move or delete:
====================
C:\Users\Acer\jagex_cl_runescape_LIVE.dat
C:\Users\Acer\random.dat


Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-02 10:33

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Acer at 2014-08-02 12:25:35
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.0.0.181 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Combat (HKLM-x32\...\Steam App 212370) (Version:  - Battery Studio)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audacity Bundle by Fileparade.com (HKLM-x32\...\Audacity Bundle by Fileparade.com) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Build and Shoot Launcher 1.1 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.1 - Buld Then Snip, LLC)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.0.0.0 - devolo AG)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Euro Truck Simulator 2 Demo (HKLM-x32\...\Steam App 231120) (Version:  - SCS Software)
FileZilla Client 3.7.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Free Video to Flash Converter version 5.0.25.610 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.25.610 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.25.610 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.25.610 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.8.717 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.8.717 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.1 - Ellora Assets Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.2.0.2042 - Infernum Productions AG)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.7 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.6.2000 - Maxthon International Limited)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MotoGP™13 Demo (HKLM-x32\...\Steam App 243820) (Version:  - Milestone S.r.l.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokemon Online 2.3.0 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version:  - Dreambelievers)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version:  - Roccat GmbH)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TI-Nspire(TM) CAS Student Software (HKLM-x32\...\{E8CC9064-8382-4D5C-9E55-F88D9541FFC0}) (Version: 3.2.0.1219 - Texas Instruments Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.17 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{4BC33FAB-4249-44D7-88A3-22682C577EE3}) (Version: 1.3.1310.1103 - SplitMediaLabs)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-07-2014 11:30:49 Geplanter Prüfpunkt
22-07-2014 17:47:10 Geplanter Prüfpunkt
26-07-2014 13:02:21 Konfiguriert MediaEspresso
27-07-2014 15:43:05 Removed BlueStacks Notification Center
01-08-2014 10:07:57 Removed Camtasia Studio 8

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2014-08-01 14:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1374B489-39EC-4BA9-BE12-9DCFBE284FF5} - System32\Tasks\{7DB51D54-7340-4D9C-B8C2-98EC221A65CF} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BB228C1-5DAD-465B-9C57-78681F1880D3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {1C56FD5E-D85C-41E5-9224-C897114D1757} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {260E584D-B1F8-4579-84CF-F51FC00AA7E6} - System32\Tasks\{C59678A3-9AB9-496D-865B-6F398E1DEC86} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {26F72A6D-3F73-49B0-8B99-5E273B515A50} - System32\Tasks\{1D234A3F-0A38-4D93-83F8-F950A7A977AD} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {2BBDF949-171E-47C1-A55C-A8292D1AE47A} - System32\Tasks\{68F5A7AF-B70A-4DE7-85B1-21BCE0133032} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {52EF4DF8-76E9-4CC4-AA1D-F6AE1AB61497} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {79EA3AFA-A605-4523-B2AC-5E01A89F4F92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-01] (Microsoft Corporation)
Task: {7F6C71C4-B065-4130-9449-170A55255CC5} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {93347DF4-5F18-4248-AEE6-D871894B8294} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A9B3D63B-DE1C-4886-917E-D58A3BA32ADB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27] (Google Inc.)
Task: {AF9CD05D-B25C-4EC7-B86D-8C27BAAC3146} - System32\Tasks\AdobeAAMUpdater-1.0-SibTop-Acer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {B1D35763-18E8-4151-8F73-7626C0DBD09D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {B8E9693A-7C3B-46D6-8BD2-3C064F6F956C} - System32\Tasks\{D56270AE-F972-4A9B-AC8D-607AF94A4925} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {C53BD627-907F-46DC-8AC1-12B1F018D8DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EACCC4AB-96B2-42EA-8EEE-1335F0E399BC} - System32\Tasks\{FEFAFBD3-E9E9-442A-BF1C-1A8745FEB34C} => c:\program files (x86)\maxthon\bin\maxthon.exe [2013-05-06] (Maxthon International ltd.)
Task: {EBB5E046-98AD-4CAE-ACD7-CF3AC4482B1E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FBA71317-EB0D-4719-A075-715EE0EA0F86} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-22 17:10 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-22 17:19 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-11 23:58 - 2013-06-11 23:58 - 03316080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-29 07:33 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-06-11 23:58 - 2013-06-11 23:58 - 04513648 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-06-13 22:11 - 2013-06-13 22:11 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-03-26 17:27 - 2012-06-23 15:54 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-06-11 23:57 - 2013-06-11 23:57 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2012-11-28 22:42 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-27 22:12 - 2013-06-27 22:12 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-04-22 17:10 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-22 14:57 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Acer\AppData\Local\Temporary Internet Files:BQvlh9x4TJm7wCjTHxVXKY3j
AlternateDataStreams: C:\Users\Acer\AppData\Local\Temporary Internet Files:Sqy0f8GJCFuB9poCX4gmtpk7NDcbYX

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrcmCardReader => 2
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RfButtonDriverService => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "EADM"
HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 04:43:27 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (08/01/2014 11:30:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (07/31/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x2f8
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 03:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1df8
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 03:03:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HD-Frontend.exe, Version 0.8.12.3119 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f2c

Startzeit: 01cfacbfc4baf785

Endzeit: 12

Anwendungspfad: C:\Program Files (x86)\BlueStacks\HD-Frontend.exe

Berichts-ID: 0d675112-18b3-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/31/2014 11:23:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/31/2014 10:11:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_wcncsvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005af58
ID des fehlerhaften Prozesses: 0x1818
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_wcncsvc0
Pfad der fehlerhaften Anwendung: svchost.exe_wcncsvc1
Pfad des fehlerhaften Moduls: svchost.exe_wcncsvc2
Berichtskennung: svchost.exe_wcncsvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_wcncsvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_wcncsvc5

Error: (07/30/2014 04:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HD-Frontend.exe, Version: 0.8.12.3119, Zeitstempel: 0x53b58743
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1914
Startzeit der fehlerhaften Anwendung: 0xHD-Frontend.exe0
Pfad der fehlerhaften Anwendung: HD-Frontend.exe1
Pfad des fehlerhaften Moduls: HD-Frontend.exe2
Berichtskennung: HD-Frontend.exe3
Vollständiger Name des fehlerhaften Pakets: HD-Frontend.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HD-Frontend.exe5

Error: (07/29/2014 05:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1100

Startzeit: 01cfab3f1294a66a

Endzeit: 2

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 5d2f4374-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/29/2014 05:09:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17bc

Startzeit: 01cfab3ecd1d7d0a

Endzeit: 25

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 46cf0ec0-1732-11e4-beb7-b888e3da3fac

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (08/01/2014 08:35:16 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/01/2014 08:35:16 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/01/2014 08:35:12 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/01/2014 08:35:12 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/01/2014 05:43:54 PM) (Source: DCOM) (EventID: 10010) (User: SibTop)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/01/2014 03:27:49 PM) (Source: DCOM) (EventID: 10016) (User: SibTop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SibTopAcerS-1-5-21-3123453034-4028823714-348128312-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (08/01/2014 04:43:27 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (08/01/2014 11:30:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (07/31/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f222f801cfacc7102de848C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll82d7ee31-18ba-11e4-beb7-b888e3da3fac

Error: (07/31/2014 03:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f221df801cfacc5f2995ad2C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll698e8686-18b9-11e4-beb7-b888e3da3fac

Error: (07/31/2014 03:03:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HD-Frontend.exe0.8.12.3119f2c01cfacbfc4baf78512C:\Program Files (x86)\BlueStacks\HD-Frontend.exe0d675112-18b3-11e4-beb7-b888e3da3fac

Error: (07/31/2014 11:23:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f2212dc01cfaca02eb1cc16C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll53b2f45d-1894-11e4-beb7-b888e3da3fac

Error: (07/31/2014 10:11:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_wcncsvc6.2.9200.16420505a9a4entdll.dll6.2.9200.1657951637f77c0000005000000000005af58181801cfab09ca39d86dC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll34d7e11b-188a-11e4-beb7-b888e3da3fac

Error: (07/30/2014 04:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.8.12.311953b58743KERNELBASE.dll6.2.9200.16864531d2be6c002000100010f22191401cfac00ac7bbe35C:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dll9704f30c-17f5-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.0110001cfab3f1294a66a2C:\Program Files\GIMP 2\bin\gimp-2.8.exe5d2f4374-1732-11e4-beb7-b888e3da3fac

Error: (07/29/2014 05:09:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.6.017bc01cfab3ecd1d7d0a25C:\Program Files\GIMP 2\bin\gimp-2.8.exe46cf0ec0-1732-11e4-beb7-b888e3da3fac


CodeIntegrity Errors:
===================================
  Date: 2014-08-01 14:43:28.320
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 8007.27 MB
Available physical RAM: 4856.48 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 6070.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:250.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 28EF967C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 02.08.2014, 11:42   #10
M-K-D-B
/// TB-Ausbilder
 



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [LightShot] => C:\Users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
SearchScopes: HKLM - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {B05A6E20-A422-4BF3-A46F-0AADB29EBCC3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=973AD222-32B8-4BEC-81D3-D600A21B23F7&apn_sauid=69B4F2A5-350D-48AC-A85C-0EBF5EA44F4B
SearchScopes: HKCU - {BC49B688-265C-45BD-8A3F-F778A308CB32} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}
SearchScopes: HKCU - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
C:\Users\Acer\jagex_cl_runescape_LIVE.dat
C:\Users\Acer\random.dat
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable the "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset







Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






Please post with your next reply
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria
M-K-D-B


Alt 02.08.2014, 19:09   #11
Mappin
 



The scan with ESET was aborted after 8 hours, without an error. What now?

Alt 03.08.2014, 09:19   #12
M-K-D-B
/// TB-Ausbilder
 



Quote:
Quote from Mappin
The scan with ESET was aborted after 8 hours, without an error. What now?
Please try HitmanPro:

Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the tick at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not have anything deleted etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

 

__________________
Greetings from Bavaria
M-K-D-B


Alt 03.08.2014, 10:44   #13
Mappin
 



Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Acer at 2014-08-02 12:49:00 Run:3
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3123453034-4028823714-348128312-1002\...\Run: [LightShot] => C:\Users\Acer\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
SearchScopes: HKLM - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {B05A6E20-A422-4BF3-A46F-0AADB29EBCC3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=973AD222-32B8-4BEC-81D3-D600A21B23F7&apn_sauid=69B4F2A5-350D-48AC-A85C-0EBF5EA44F4B
SearchScopes: HKCU - {BC49B688-265C-45BD-8A3F-F778A308CB32} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}
SearchScopes: HKCU - {CAB5592E-CC92-436E-A6E9-54E071E9E406} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
C:\Users\Acer\jagex_cl_runescape_LIVE.dat
C:\Users\Acer\random.dat
Reboot:
end
*****************

HKU\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Windows\CurrentVersion\Run\\LightShot => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CAB5592E-CC92-436E-A6E9-54E071E9E406}" => Key deleted successfully.
"HKCR\CLSID\{CAB5592E-CC92-436E-A6E9-54E071E9E406}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CAB5592E-CC92-436E-A6E9-54E071E9E406}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CAB5592E-CC92-436E-A6E9-54E071E9E406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E}" => Key deleted successfully.
"HKCR\CLSID\{96EA97C4-52BE-4710-AFB4-4BBF5F9ED96E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B05A6E20-A422-4BF3-A46F-0AADB29EBCC3}" => Key deleted successfully.
"HKCR\CLSID\{B05A6E20-A422-4BF3-A46F-0AADB29EBCC3}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC49B688-265C-45BD-8A3F-F778A308CB32}" => Key deleted successfully.
"HKCR\CLSID\{BC49B688-265C-45BD-8A3F-F778A308CB32}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CAB5592E-CC92-436E-A6E9-54E071E9E406}" => Key deleted successfully.
"HKCR\CLSID\{CAB5592E-CC92-436E-A6E9-54E071E9E406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key deleted successfully.
"HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key not found.
C:\Users\Acer\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Acer\random.dat => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
HitmanPro:
Code:
HitmanPro 3.7.9.221
www.hitmanpro.com

   Computer name . . . . : SIBTOP
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : SibTop\Acer
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-08-03 11:20:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 12s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 114

   Objects scanned . . . : 2.020.696
   Files scanned . . . . : 77.934
   Remnants scanned  . . : 880.882 files / 1.061.880 keys

Malware _____________________________________________________________________

   C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe -> Quarantined
      Size . . . . . . . : 3.953.864 bytes
      Age  . . . . . . . : 214.9 days (2013-12-31 14:16:44)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : A853545ED292B29A17282F22365D54BC7901E85C6789069E5B3FDC06229DD4EA
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Perinet.d
      Fuzzy  . . . . . . : 109.0


Suspicious files ____________________________________________________________

   C:\$RECYCLE.BIN\S-1-5-21-3123453034-4028823714-348128312-1002\$RJKFORA.exe
      Size . . . . . . . : 2.094.080 bytes
      Age  . . . . . . . : 1.0 days (2014-08-02 12:05:37)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C565E2C38D81EB35F33193915E9F0C71F3A87AB72D6176E666D83DE3B45597DE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Acer\Downloads\FRST64.exe
      Size . . . . . . . : 2.094.080 bytes
      Age  . . . . . . . : 2.0 days (2014-08-01 12:08:31)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 2746D705ED9647BA41A2B03F8DCE7E57E3070B0B5B159C459A9A65FC9797AA25
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar) -> Deleted
   HKU\.DEFAULT\Software\IM\ (Sweetpacks) -> Deleted
   HKU\.DEFAULT\Software\ImInstaller\ (Sweetpacks) -> Deleted
   HKU\.DEFAULT\Software\SweetIM\ (Sweetpacks) -> Deleted
   HKU\S-1-5-18\Software\IM\ (Sweetpacks) -> PendingDelete
   HKU\S-1-5-18\Software\ImInstaller\ (Sweetpacks) -> PendingDelete
   HKU\S-1-5-18\Software\SweetIM\ (Sweetpacks) -> PendingDelete
   HKU\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{1631550F-191D-4826-B069-D9439253D926} (PriceGong) -> Deleted
   HKU\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
   HKU\S-1-5-21-3123453034-4028823714-348128312-1002\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\JZJUA0AN.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\KG4O2MI4.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\L89J8CXD.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\MW4A0TJQ.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\OE6WKZWT.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\P7A0ZA37.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\QXF5RVM7.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\RAA8WXM6.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\RTVUYK5X.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\RUZ23YHG.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\ST1SQ4E0.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\T58W7Y1U.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\T7WU78Z3.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\T8OUY9OB.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\X3LQ5CH3.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\XYE35R4P.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\Y1WLM8MD.txt
   C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Cookies\YXL4H3L0.txt
         
Code:
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus und Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java SE Development Kit 7 Update 55 
 Java version out of Date! 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

03.08.2014, 11:01   #14
M-K-D-B
/// TB Trainer
 



Hi,

Still having problems with the website? If so, in which browser?
__________________
Greetings from Bavaria
M-K-D-B


03.08.2014, 11:09   #15
Mappin
 



Everything's great. No problems.
