
Pests of all kinds and how to combat them: Rootkit_hidden_driver?

12.10.2014, 16:26   #1
Steel79
 



Hello,

I currently have a buddy's laptop here that has caught something.
At first I thought it would be easy: just reinstall Windows and done, but that's not the case...


Let me start from the very beginning:

The laptop (Windows 7) crashed with a bluescreen...
It came back on and the keys no longer worked. The touchpad didn't work anymore either.
How did we notice?! When the prompt came up asking whether to start Windows 7 with XY, nothing responded. So I hooked up an external keyboard and mouse.
That way I at least got as far as the desktop...
Then the problems continued. Even with the external keyboard I couldn't really do much, because only a limited set of keys worked there too, e.g. €, µ and the 6... the others didn't really work either. The pointer on the desktop blinks and almost no programs open. AVG did run, though, and it reported: Rootkit_Hidden_Driver/Device/mfeavfk01.sys

After that scan, nothing worked anymore.
So I tried simply wiping Windows and reinstalled it.

During that attempt I noticed the first signs of success: during installation the touchpad at least worked again...
So it reinstalled Windows 7 (recovery CD), and at first everything seemed fine.
But once it started installing all the drivers etc., I noticed that something was wrong... the touchpad stopped responding again, the keys too, etc.
Again only the characters mentioned above, via the external keyboard...

So now I'm facing the problem that even a fresh Windows doesn't help. So is the machine dead?! Or is there something that can be done?

As I said, I can get into Windows, but I can hardly do anything there... so a program apparently won't help me much.

12.10.2014, 17:12   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

sounds like a hardware problem. The alleged rootkit is a leftover from McAfee

http://forums.avg.com/ww-en/avg-foru...show&id=211260

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


13.10.2014, 12:02   #3
Steel79
 



Hello and good morning,

it took me a bit longer because it wasn't easy to install anything on the infected PC... it worked nonetheless... Here are the two results...

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014
Ran by peggy at 2014-10-13 08:24:32
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.222 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{995841E6-A7D8-2742-606C-98E350507317}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61012.1205 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1012.1156.19535 - Ihr Firmenname) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2228.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2228.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8228 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.1.5 - Kobo Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 11.0.623 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-10-2014 15:48:47 Windows Update
12-10-2014 16:11:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1839A9E2-34D6-4EE0-8583-996DF8A14B4A} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-28] (CyberLink Corp.)
Task: {1852C45B-45F9-4AF8-8FF4-50D9F3CEEA35} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {1A0903DF-C4BB-49B1-A886-44530865A49B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-28] (CyberLink)
Task: {2DA1A312-D595-477C-B9E5-D2EA4B06FC76} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {92356D85-0108-47CE-A26D-5E5DEE84B918} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {A1B3F034-1981-4C98-BDAD-1C258BD9B7F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08] (Adobe Systems Incorporated)
Task: {E20DA715-09BC-472E-99BA-B4133DFD5C08} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {EB3C4407-6AAB-4D65-94DC-6C4DE1E3304F} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-10-28 15:04 - 2011-10-28 15:04 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2400017690-2799416205-2311158137-500 - Administrator - Disabled)
Gast (S-1-5-21-2400017690-2799416205-2311158137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2400017690-2799416205-2311158137-1002 - Limited - Enabled)
peggy (S-1-5-21-2400017690-2799416205-2311158137-1001 - Administrator - Enabled) => C:\Users\peggy

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2014 08:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:33:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:14:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:00:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:18:12 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:17:18 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (10/13/2014 08:17:18 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.


Microsoft Office Sessions:
=========================
Error: (10/13/2014 08:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:33:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:14:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:00:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 5865.9 MB
Available physical RAM: 4382.54 MB
Total Pagefile: 11730 MB
Available Pagefile: 9729.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.69 GB) (Free:187.19 GB) NTFS
Drive d: (Data) (Fixed) (Total:223.44 GB) (Free:223.28 GB) NTFS
Drive f: () (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 93F63F48)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223.4 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by peggy (administrator) on PEGGY-PC on 13-10-2014 08:20:56
Running from F:\
Loaded Profiles: peggy &  (Available profiles: peggy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1674896 2011-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2400017690-2799416205-2311158137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2400017690-2799416205-2311158137-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120508065105.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120508065106.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\peggy\AppData\Roaming\Mozilla\Firefox\Profiles\nduea4bm.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\peggy\AppData\Roaming\Mozilla\Firefox\Profiles\nduea4bm.default\Extensions\cliqz@cliqz.com [2014-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-05-08]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\peggy\AppData\Roaming\Mozilla\Firefox\Profiles\nduea4bm.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2011-10-19] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-02-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210584 2012-02-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-02-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 08:21 - 2014-10-13 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-13 08:19 - 2014-10-13 08:21 - 00000000 ____D () C:\FRST
2014-10-12 19:20 - 2014-10-12 19:20 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\Adobe
2014-10-12 18:44 - 2014-10-13 08:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 18:43 - 2014-10-12 18:43 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-12 18:43 - 2014-10-12 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-12 18:43 - 2014-10-12 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 18:43 - 2014-10-12 18:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-12 18:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 18:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 18:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 18:35 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-12 18:35 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-12 18:32 - 2014-10-13 08:16 - 00000168 _____ () C:\Windows\setupact.log
2014-10-12 18:32 - 2014-10-12 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-12 18:27 - 2014-10-12 18:28 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\Mozilla
2014-10-12 18:27 - 2014-10-12 18:28 - 00000000 ____D () C:\Users\peggy\AppData\Local\Mozilla
2014-10-12 18:27 - 2014-10-12 18:27 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-12 18:27 - 2014-10-12 18:27 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 18:17 - 2014-10-12 18:17 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-12 18:17 - 2014-10-12 18:17 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-12 18:17 - 2014-10-12 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-12 18:16 - 2014-10-12 18:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-12 18:11 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-10-12 18:11 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-10-12 18:11 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-12 18:11 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-10-12 18:01 - 2014-10-13 08:17 - 00000000 ____D () C:\ProgramData\clear.fi
2014-10-12 17:58 - 2014-10-12 17:58 - 00000000 ____D () C:\Users\peggy\AppData\Local\EgisTec IPS
2014-10-12 17:54 - 2014-10-12 17:54 - 00001447 _____ () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-12 17:54 - 2014-10-12 17:54 - 00001413 _____ () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-12 17:51 - 2014-10-12 17:51 - 00000995 _____ () C:\Users\Public\Desktop\Kobo.lnk
2014-10-12 17:51 - 2014-10-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
2014-10-12 17:50 - 2014-10-12 17:51 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-10-12 17:50 - 2014-10-12 17:50 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-10-12 17:50 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-12 17:50 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-12 17:50 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-12 17:50 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-12 17:49 - 2014-10-12 17:53 - 00000000 ____D () C:\Users\peggy\AppData\Local\PowerCinema
2014-10-12 17:49 - 2014-10-12 17:49 - 00059968 _____ () C:\Users\peggy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-12 17:49 - 2014-10-12 17:49 - 00002078 _____ () C:\Users\Public\Desktop\Eurosport Player.lnk
2014-10-12 17:49 - 2014-10-12 17:49 - 00001736 _____ () C:\Users\Public\Desktop\Online kaufen.lnk
2014-10-12 17:49 - 2014-10-12 17:49 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\CyberLink
2014-10-12 17:49 - 2014-10-12 17:49 - 00000000 ____D () C:\Users\peggy\AppData\Local\Acer
2014-10-12 17:49 - 2014-10-12 17:49 - 00000000 ____D () C:\Program Files\Accessory Store
2014-10-12 17:49 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-12 17:49 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-12 17:49 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-12 17:49 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-12 17:49 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-12 17:49 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-12 17:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-12 17:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-12 17:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-12 17:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-12 17:48 - 2014-10-12 17:54 - 00000000 ____D () C:\Users\peggy
2014-10-12 17:48 - 2014-10-12 17:49 - 00000000 ____D () C:\Program Files\Preload
2014-10-12 17:48 - 2014-10-12 17:48 - 00000020 ___SH () C:\Users\peggy\ntuser.ini
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Vorlagen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Startmenü
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Netzwerkumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Lokale Einstellungen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Eigene Dateien
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Druckumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\AppData\Local\Verlauf
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\AppData\Local\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 ____D () C:\Users\peggy\AppData\Local\VirtualStore
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
2014-10-12 17:48 - 2012-05-08 15:47 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\Macromedia
2014-10-12 17:48 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-12 17:48 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-11 20:59 - 2014-10-12 17:48 - 00000000 __SHD () C:\Recovery
2014-10-11 19:37 - 2014-10-12 19:00 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-10-11 19:37 - 2014-10-12 19:00 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-10-11 19:37 - 2014-10-11 19:36 - 00295922 _____ () C:\Windows\system32\perfi007.dat
2014-10-11 19:37 - 2014-10-11 19:36 - 00038104 _____ () C:\Windows\system32\perfd007.dat
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\system32\de
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\system32\0407
2014-10-11 19:27 - 2014-10-11 19:27 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-10-11 10:19 - 2014-10-11 10:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
2014-10-11 10:19 - 2014-10-11 10:22 - 00000000 ____D () C:\ProgramData\CLSK
2014-10-11 10:19 - 2014-10-11 10:19 - 00003418 _____ () C:\Windows\System32\Tasks\clear.fi
2014-10-11 10:19 - 2014-10-11 10:19 - 00003366 _____ () C:\Windows\System32\Tasks\DMREngine
2014-10-11 10:19 - 2014-10-11 10:19 - 00003348 _____ () C:\Windows\System32\Tasks\clear.fiAgent
2014-10-11 10:19 - 2014-10-11 10:19 - 00002171 _____ () C:\Users\Public\Desktop\clear.fi.lnk
2014-10-11 10:19 - 2014-10-11 10:19 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-10-11 10:16 - 2014-10-11 10:25 - 00000000 ____D () C:\ProgramData\Temp
2014-10-11 10:16 - 2014-10-11 10:22 - 00015134 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-10-11 10:16 - 2014-10-11 10:22 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-11 10:15 - 2014-10-11 10:15 - 00001024 ___RH () C:\Users\Public\Documents\NTILiveUpdateV9.dll
2014-10-11 10:15 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\NTI Launcher
2014-10-11 10:15 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
2014-10-11 10:13 - 2014-10-11 10:13 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9REGET.dll
2014-10-11 10:13 - 2014-10-11 10:13 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll
2014-10-11 10:13 - 2014-10-11 10:13 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-11 10:11 - 2014-10-11 10:11 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2014-10-11 10:11 - 2014-10-11 10:11 - 00000000 ____D () C:\Windows\OEMTemp
2014-10-11 10:11 - 2014-10-11 10:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-11 10:07 - 2014-10-11 10:07 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-10-11 10:04 - 2014-10-11 10:04 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-10-11 10:04 - 2010-12-01 10:12 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll
2014-10-11 10:04 - 2010-12-01 10:12 - 00422504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsUStor.dll
2014-10-11 10:04 - 2010-12-01 10:12 - 00250984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-10-11 10:03 - 2014-10-11 10:04 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____D () C:\Program Files\Synaptics
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____D () C:\Program Files\Realtek
2014-10-11 10:03 - 2011-06-14 13:38 - 02899176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-10-11 10:03 - 2011-06-14 07:40 - 01483264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-10-11 10:03 - 2011-06-13 13:04 - 01560680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-10-11 10:03 - 2011-06-10 11:35 - 00603472 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-10-11 10:03 - 2011-06-07 11:09 - 02405992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-10-11 10:03 - 2011-06-03 08:11 - 01805928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-10-11 10:03 - 2011-06-02 11:03 - 00092264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-10-11 10:03 - 2011-06-02 06:22 - 00043506 _____ () C:\Windows\system32\Drivers\RtPCEE4.DAT
2014-10-11 10:03 - 2011-05-31 04:09 - 03114088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-10-11 10:03 - 2011-05-27 11:58 - 01284712 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-10-11 10:03 - 2011-05-23 11:12 - 01245288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-10-11 10:03 - 2011-05-05 09:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-10-11 10:03 - 2011-05-05 08:15 - 00220512 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-10-11 10:03 - 2011-05-05 08:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-10-11 10:03 - 2011-05-05 08:14 - 00078176 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-10-11 10:03 - 2011-04-18 15:24 - 00000016 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat
2014-10-11 10:03 - 2011-04-18 12:50 - 02601816 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-10-11 10:03 - 2011-04-18 12:50 - 02238296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-10-11 10:03 - 2010-11-18 05:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-10-11 10:03 - 2010-11-03 12:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-10-11 10:03 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-10-11 10:03 - 2010-10-03 07:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-10-11 10:03 - 2010-09-27 03:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-10-11 10:03 - 2010-09-23 11:21 - 00039672 _____ () C:\Windows\system32\Drivers\RtPCEE3.DAT
2014-10-11 10:03 - 2010-07-22 10:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-10-11 10:03 - 2010-07-22 10:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-10-11 10:03 - 2010-05-06 11:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-10-11 10:03 - 2010-03-22 07:21 - 00247560 _____ () C:\Windows\system32\Drivers\RTConvEQ.dat
2014-10-11 10:03 - 2010-03-22 07:21 - 00001448 _____ () C:\Windows\system32\Drivers\RtHdatEx.dat
2014-10-11 10:03 - 2010-02-11 09:45 - 00000176 _____ () C:\Windows\system32\Drivers\RTHDAEQ1.dat
2014-10-11 10:03 - 2010-01-26 15:52 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX3.dat
2014-10-11 10:03 - 2009-11-24 03:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-10-11 10:03 - 2009-11-24 03:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-10-11 10:03 - 2009-11-24 03:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-10-11 10:03 - 2009-11-24 03:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-10-11 10:03 - 2009-11-18 12:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-10-11 10:03 - 2009-11-17 12:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-10-11 10:03 - 2008-08-21 07:43 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX2.dat
2014-10-11 10:03 - 2005-06-26 23:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX1.dat
2014-10-11 10:03 - 2005-06-26 23:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2014-10-11 09:59 - 2014-10-11 09:59 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e
2014-10-11 09:57 - 2010-11-28 22:50 - 00044672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-10-11 09:55 - 2014-10-11 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-10-11 09:55 - 2014-10-11 09:55 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-10-11 09:55 - 2014-10-11 09:55 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-10-11 09:54 - 2014-10-11 09:54 - 00000000 ____D () C:\Program Files\ATI
2014-10-11 09:53 - 2014-10-11 09:55 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-11 09:52 - 2014-10-11 09:52 - 00000184 _____ () C:\Windows\LMv4.UNI
2014-10-11 09:52 - 2014-10-11 09:52 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-10-11 09:49 - 2014-10-11 09:49 - 00000000 ___HD () C:\book
2014-10-11 09:49 - 2014-10-11 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2014-10-11 09:49 - 2014-10-11 09:49 - 00000000 ____D () C:\ProgramData\EgisTec
2014-10-11 09:47 - 2014-10-13 08:22 - 00510955 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 09:45 - 2014-10-11 09:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 08:23 - 2012-05-08 15:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-13 08:21 - 2012-05-08 15:22 - 00001832 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2014-10-13 08:16 - 2012-05-08 15:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 08:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 20:00 - 2012-05-08 15:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-12 19:00 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 18:57 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:57 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:17 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-10-12 17:55 - 2012-05-08 15:38 - 00000000 ____D () C:\ProgramData\oem
2014-10-12 17:53 - 2012-05-08 15:32 - 00000000 ___HD () C:\OEM
2014-10-12 17:48 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-12 17:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-10-12 17:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-10-11 19:36 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-11 19:36 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-10-11 19:36 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-11 19:36 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\com
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-11 19:25 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-10-11 19:24 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-10-11 10:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-10-11 10:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-10-11 10:29 - 2012-05-08 15:22 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-10-11 10:27 - 2012-05-08 15:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-11 10:27 - 2012-05-08 15:23 - 00000000 ____D () C:\Program Files\Acer
2014-10-11 10:14 - 2012-05-08 15:41 - 00000000 ____D () C:\Program Files (x86)\NTI
2014-10-11 10:11 - 2012-05-08 15:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-10-11 10:01 - 2012-05-08 15:37 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2014-10-11 09:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-11 09:50 - 2011-02-12 05:43 - 00000000 ____D () C:\Windows\DeployWinRE2
2014-10-11 09:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-10-11 09:44 - 2009-07-14 06:45 - 00283104 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-05-08 14:35

==================== End Of Log ============================
         


So, I'm slowly starting to fear that it's a hardware fault too.

Because the laptop is working so far now...

But as soon as I press a key, nothing works anymore.
With an external keyboard everything works so far.

But as I said, as soon as I press any key, there's a strange noise, a sort of bupbupbup, and the laptop freaks out.

What I find strange is that I then can't do anything anymore, because everything is automatically set up to shut the laptop down. I could only cancel programs, nothing else. So that does look like a virus again after all. Why can I only close everything? I don't really understand it.

And when it gets to that point and I restart the laptop, a prompt appears telling me to start Windows 7... I can't click anything further there... further down there's also something about tools, Windows 7 memory

Then I have to switch the laptop off manually and restart it, and only then do I get to the choice of whether to start Windows normally or in safe mode etc.


All somehow strange...

So what about the reports I was supposed to post here?

14.10.2014, 08:16   #4
schrauber
/// the machine
/// TB trainer

Quote:
So what about the reports I was supposed to post here?

Take it easy, this here is free time.

The logs are clean, a bit of adware, but that's not the problem. The laptop has a hardware problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

14.10.2014, 15:56   #5
Steel79

Hey, sorry... it wasn't meant to come across the way it apparently did...

So that means the thing is done for?! Or is there still something that can be done keyboard-wise? Or would that all be too much effort?


15.10.2014, 09:54   #6
schrauber
/// the machine
/// TB trainer

Well, if you're a bit handy, I'd remove the keyboard and check the connections. Maybe order a new one right away; I don't think it costs the earth.

Or else have the thing properly checked over in a shop.