| |
| |||||||
Log-Analyse und Auswertung: Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.04.2015, 15:35
| #1 |
 |  Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Hallo zusammen, seit gestern habe ich ein Laptop hier, dass mich mit den Worten: "Werbung, kein Browser mehr vorhanden, bzw. installierbar - außer Crossbrowse, brauche Hilfe ..." erreichte. Ich habe nun schon einiges entfernt, aber komme jetzt nicht mehr weiter. Der IE funktioniert inzwischen wieder. Aber z. B. der Defender kann nicht ausgeführt werden, da durch Gruppenrichtlinie blockiert. Das AVG-Logo im Systray öffnet nur noch einen AVG Linkscanner??? Nachstehend nur die letzten Logs (weitere vorhanden) ... Alle Funde wurden entfernt. Code:
ATTFilter # AdwCleaner v4.201 - Bericht erstellt 09/04/2015 um 18:28:46
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Lokal]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : ACER - ACERPC
# Gestarted von : C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : bobyzoom
Dienst Gelöscht : cherimoya
[#] Dienst Gelöscht : Gambali
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : IHProtect Service
[#] Dienst Gelöscht : pcsuservice
[#] Dienst Gelöscht : SCService
Dienst Gelöscht : tammgF119
[#] Dienst Gelöscht : tammgR119
[#] Dienst Gelöscht : 3a37b93a
[#] Dienst Gelöscht : qrnfd_1_10_0_9
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\HealthAlert
Ordner Gelöscht : C:\rei
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\Reimage Protector
Ordner Gelöscht : C:\ProgramData\HealthAlert
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\FlashBeat
Ordner Gelöscht : C:\ProgramData\bobyzoom
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Search Extensions
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Program Files (x86)\WSE_Taplika
Ordner Gelöscht : C:\Program Files (x86)\Crossbrowse
Ordner Gelöscht : C:\Program Files (x86)\Liveistream
Ordner Gelöscht : C:\Program Files (x86)\Lights Cinema 1.3betaV18.03
Ordner Gelöscht : C:\Program Files (x86)\SmartSaver+ 21
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro 3.64
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Program Files\shopperz
Ordner Gelöscht : C:\Users\ACER\SupTab
Ordner Gelöscht : C:\Users\ACER\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\ACER\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Ordner Gelöscht : C:\Users\ACER\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\ACER\AppData\Local\HealthAlert
Ordner Gelöscht : C:\Users\ACER\AppData\Local\Doctor_PC
Ordner Gelöscht : C:\Users\ACER\AppData\Local\Pro_PC_Cleaner
Ordner Gelöscht : C:\Users\ACER\AppData\Local\Taplika
Ordner Gelöscht : C:\Users\ACER\AppData\Local\Crossbrowse
Ordner Gelöscht : C:\Users\ACER\AppData\Local\mbot_de_560
Ordner Gelöscht : C:\Users\ACER\AppData\LocalLow\Allin1Convert_8hEI
Ordner Gelöscht : C:\Users\ACER\AppData\LocalLow\TelevisionFanaticEI
Ordner Gelöscht : C:\Users\ACER\AppData\LocalLow\bobyzoom
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\istartsurf
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\mystartsearch
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\PriceFountain
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\WSE_Taplika
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Liveistream
Ordner Gelöscht : C:\Users\ACER\Documents\PCSpeedUp
Ordner Gelöscht : C:\Users\ACER\Documents\ProPCCleaner
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\searchengine@gmail.com
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\istart_ffnt@gmail.com
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\bbz@bobyzoom.com
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com
Ordner Gelöscht : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com
Ordner Gelöscht : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn
Datei Gelöscht : C:\Users\Public\Desktop\crossbrowse.lnk
Datei Gelöscht : C:\Windows\patsearch.bin
Datei Gelöscht : C:\Windows\shost.bin
Datei Gelöscht : C:\Windows\SysWOW64\Gambali.dll
Datei Gelöscht : C:\Windows\SysWOW64\GambaliOff.ini
Datei Gelöscht : C:\Windows\System32\Gambali64.dll
Datei Gelöscht : C:\Windows\System32\GambaliOff.ini
Datei Gelöscht : C:\Windows\System32\drivers\tammgf119.sys
Datei Gelöscht : C:\Windows\System32\drivers\tammgr119.sys
Datei Gelöscht : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
Datei Gelöscht : C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Datei Gelöscht : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\searchplugins\mystartsearch.xml
Datei Gelöscht : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\user.js
***** [ Geplante Tasks ] *****
Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : Crossbrowse
Task Gelöscht : DoctorPC_Popup
Task Gelöscht : DoctorPC_Start
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : LaunchSignup
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : PC SpeedUp Service Deactivator
Task Gelöscht : ProPCCleaner_Popup
Task Gelöscht : ProPCCleaner_Start
Task Gelöscht : RocketTab
Task Gelöscht : RocketTab Update Task
Task Gelöscht : 44adc2af-2714-48f8-8bba-3ede16e171b6-1-6
Task Gelöscht : 44adc2af-2714-48f8-8bba-3ede16e171b6-1-7
Task Gelöscht : 44adc2af-2714-48f8-8bba-3ede16e171b6-10_user
Task Gelöscht : 44adc2af-2714-48f8-8bba-3ede16e171b6-4
Task Gelöscht : 44adc2af-2714-48f8-8bba-3ede16e171b6-5
Task Gelöscht : 44adc2af-2714-48f8-8bba-3ede16e171b6-5_user
Task Gelöscht : fc92fb5b-fb1c-4152-b04e-d355f05c4049-1-6
Task Gelöscht : fc92fb5b-fb1c-4152-b04e-d355f05c4049-1-7
Task Gelöscht : fc92fb5b-fb1c-4152-b04e-d355f05c4049-10_user
Task Gelöscht : fc92fb5b-fb1c-4152-b04e-d355f05c4049-4
Task Gelöscht : fc92fb5b-fb1c-4152-b04e-d355f05c4049-5
Task Gelöscht : fc92fb5b-fb1c-4152-b04e-d355f05c4049-5_user
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.Registry
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.SysUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.Registry.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_de_560]
Schlüssel Gelöscht : HKLM\SOFTWARE\a8099acf-fae6-cbf8-ada0-1f179728a65a
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B608CC98-54DE-4775-96C9-097DE398500C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B608CC98-54DE-4775-96C9-097DE398500C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3573F849-E5CB-5D5D-3B05-D782B26FD0A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3573F849-E5CB-5D5D-3B05-D782B26FD0A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Boost
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\RocketTabInstalled
Schlüssel Gelöscht : HKCU\Software\Search Extensions
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\WajIEnhance
Schlüssel Gelöscht : HKCU\Software\TNT2
Schlüssel Gelöscht : HKCU\Software\zcln
Schlüssel Gelöscht : HKCU\Software\ProPCCleanerLanguage
Schlüssel Gelöscht : HKCU\Software\ProPCCleanerConfig
Schlüssel Gelöscht : HKCU\Software\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\rttasks
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gelöscht : HKCU\Software\Crossbrowse
Schlüssel Gelöscht : HKCU\Software\reimagerepair
Schlüssel Gelöscht : HKCU\Software\Lights Cinema 1.3betaV18.03
Schlüssel Gelöscht : HKCU\Software\SmartSaver+ 21
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BlockAndSurf
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\bobyzoom
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\EZ Software Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\RocketTab
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Pro PC Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\IGS
Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\QuickRef_1.10.0.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\Lights Cinema 1.3betaV18.03
Schlüssel Gelöscht : HKLM\SOFTWARE\SmartSaver+ 21
Schlüssel Gelöscht : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Liveistream
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:58242;hxxps=127.0.0.1:58242
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49198;hxxps=127.0.0.1:49198
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v0.0.0.0
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
-\\ Mozilla Firefox v
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "mystartsearch");
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1426545671&from=cmi&uid=WDCXWD10JPVX-22JC3T0_WD-WX31E73TSL58TSL58&q={searchTerms}");
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.accf7276cd388480f88355b680025e1cagmailcom71387.71387.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.accf7276cd388480f88355b680025e1cagmailcom71387.71387.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22hxxp%3A//www.ho[...]
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.accf7276cd388480f88355b680025e1cagmailcom71387.71387.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.ae4aa8e99717643d99f3f3c3302d236b6gmailcom61794.61794.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.ae4aa8e99717643d99f3f3c3302d236b6gmailcom61794.61794.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22hxxp%3A//www.ho[...]
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.ae4aa8e99717643d99f3f3c3302d236b6gmailcom61794.61794.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "istart_ffnt%40gmail.com:5.3.5,searchengine%40gmail.com:1.0.0.1027,toolbar%401und1.de:3.0.5,%7B7C9AE782-DB21-4e40-81FB-AD8A53A6233A%7D:1004.55.443,suncult%40sf.ne[...]
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[14tvoldw.default-1420498969585\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"bbz@bobyzoom.com\":{\"d\":\"C:\\\\Users\\\\ACER\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\14tvoldw.default-1420498969585\\\\exten[...]
-\\ Google Chrome v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [2537 Bytes] - [09/09/2014 20:32:03]
AdwCleaner[R1].txt - [9591 Bytes] - [26/02/2015 22:34:41]
AdwCleaner[R2].txt - [31014 Bytes] - [09/04/2015 18:24:46]
AdwCleaner[S0].txt - [2089 Bytes] - [09/09/2014 20:34:07]
AdwCleaner[S1].txt - [8076 Bytes] - [26/02/2015 22:39:27]
AdwCleaner[S2].txt - [27741 Bytes] - [09/04/2015 18:28:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [27801 Bytes] ##########
Code:
ATTFilter # AdwCleaner v4.201 - Bericht erstellt 10/04/2015 um 15:13:29
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : ACER - ACERPC
# Gestarted von : C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Google Chrome v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [2537 Bytes] - [09/09/2014 20:32:03]
AdwCleaner[R1].txt - [9591 Bytes] - [26/02/2015 22:34:41]
AdwCleaner[R2].txt - [31014 Bytes] - [09/04/2015 18:24:46]
AdwCleaner[R3].txt - [960 Bytes] - [10/04/2015 15:13:29]
AdwCleaner[S0].txt - [2089 Bytes] - [09/09/2014 20:34:07]
AdwCleaner[S1].txt - [8076 Bytes] - [26/02/2015 22:39:27]
AdwCleaner[S2].txt - [27974 Bytes] - [09/04/2015 18:28:46]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1196 Bytes] ##########
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by ACER at 2015-04-10 14:39:29 Run:1
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
() C:\ProgramData\DoReMe\DoReMe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58242;https=127.0.0.1:58242
Toolbar: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (mmgagnmbebdebebbcleklifnobamjonh) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2015-03-23]
R4 DoReMe; C:\ProgramData\DoReMe\DoReMe.exe [379392 2015-03-16] () [File not signed]
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
2015-04-09 17:54 - 2015-04-09 17:54 - 00000320 _____ () C:\Windows\Tasks\Tempo Runner bzdap.job
2015-03-23 00:09 - 2015-03-23 00:09 - 00768512 _____ (Reimage®) C:\Users\ACER\Downloads\ReimageRepair.exe
2015-03-21 19:38 - 2015-03-21 19:38 - 00000000 ____D () C:\417420b1675e8f19fbce
2015-03-19 22:53 - 2015-04-09 18:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD3C0.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD3A1.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD343.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD305.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD2C6.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD2B7.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD298.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD278.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD249.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD22A.tmp
2015-03-17 00:28 - 2015-03-17 00:28 - 00000000 ____D () C:\ProgramData\LolyKey
2015-03-17 00:27 - 2015-03-17 00:27 - 00000000 ____D () C:\ProgramData\DoReMe
2015-03-17 00:27 - 2015-03-17 00:27 - 00000000 ____D () C:\ProgramData\2f11c29c62a04257b4ccbbad72eaeddd
2015-03-22 19:38 - 2015-03-22 19:38 - 0000042 _____ () C:\Users\ACER\AppData\Roaming\WB.CFG
*****************
C:\ProgramData\DoReMe\DoReMe.exe => No running process found
[1976] C:\Windows\System32\mfevtps.exe => Process closed successfully.
[2080] C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe => Process closed successfully.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977 => Value not found.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => Value not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh => Moved successfully.
DoReMe => Service deleted successfully.
mfefire => Service deleted successfully.
mfevtp => Unable to stop service
mfevtp => Service deleted successfully.
cfwids => Service deleted successfully.
mfeapfk => Service deleted successfully.
mfeavfk => Unable to stop service
mfeavfk => Service deleted successfully.
mfeelamk => Service deleted successfully.
mfefirek => Service deleted successfully.
mfehidk => Unable to stop service
mfehidk => Service deleted successfully.
mfewfpk => Unable to stop service
mfewfpk => Service deleted successfully.
C:\Windows\Tasks\Tempo Runner bzdap.job => Moved successfully.
C:\Users\ACER\Downloads\ReimageRepair.exe => Moved successfully.
C:\417420b1675e8f19fbce => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\LILD3C0.tmp => Moved successfully.
C:\LILD3A1.tmp => Moved successfully.
C:\LILD343.tmp => Moved successfully.
C:\LILD305.tmp => Moved successfully.
C:\LILD2C6.tmp => Moved successfully.
C:\LILD2B7.tmp => Moved successfully.
C:\LILD298.tmp => Moved successfully.
C:\LILD278.tmp => Moved successfully.
C:\LILD249.tmp => Moved successfully.
C:\LILD22A.tmp => Moved successfully.
C:\ProgramData\LolyKey => Moved successfully.
C:\ProgramData\DoReMe => Moved successfully.
C:\ProgramData\2f11c29c62a04257b4ccbbad72eaeddd => Moved successfully.
C:\Users\ACER\AppData\Roaming\WB.CFG => Moved successfully.
The system needed a reboot.
==== End of Fixlog 14:39:52 ====
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by ACER (administrator) on ACERPC on 10-04-2015 14:44:12
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
IFEO\b9eg190.exe: [Debugger] TaskList.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\spyhunter.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmailer.1und1.de/;jsessionid=F5A3C1717E85CA067EEE8F0E32334521.TCpfix220a
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-05-23] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D031915-AF725A490EB72436481F&form=CONMHP&conlogo=CT3332018
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-285109389-3928928740-2186509083-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: suncultsfnet - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net [2015-03-23]
FF Extension: 1&1 MailCheck - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\toolbar@1und1.de [2015-02-26]
FF Extension: 7C9AE782DB214e4081FBAD8A53A6233A - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A} [2015-03-23]
FF Extension: OkayFreedom - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-17]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17]
CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-17]
CHR Extension: (Avira Browser Safety) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-285109389-3928928740-2186509083-1001) OperaMail - "C:\Users\ACER\AppData\Local\Opera Mail\OperaMail.exe"
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3053312 2014-06-26] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Wartung\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-02-26] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-10 14:13 - 2015-04-10 14:13 - 00000000 _____ () C:\Users\ACER\Desktop\Neues Textdokument.txt
2015-04-10 12:07 - 2015-04-10 14:40 - 00001143 _____ () C:\Windows\setupact.log
2015-04-10 12:07 - 2015-04-10 12:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-10 11:17 - 2015-04-10 14:43 - 00246231 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 20:35 - 2015-04-09 20:35 - 00001454 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-09 19:59 - 2015-04-09 20:00 - 00030849 _____ () C:\Users\ACER\Desktop\Addition.txt
2015-04-09 19:28 - 2015-04-09 19:28 - 00001002 _____ () C:\Users\ACER\Desktop\JRT.txt
2015-04-09 19:26 - 2015-04-09 19:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ACERPC-Windows-8.1-(64-bit).dat
2015-04-09 19:26 - 2015-04-09 19:26 - 00000000 ____D () C:\RegBackup
2015-04-09 19:20 - 2015-04-09 19:20 - 00010195 _____ () C:\Users\ACER\Desktop\mbam2.txt
2015-04-09 18:32 - 2015-04-09 18:32 - 00000713 _____ () C:\Users\ACER\Desktop\AdwCleaner - Verknüpfung.lnk
2015-04-09 18:24 - 2015-04-09 18:21 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe
2015-04-09 18:24 - 2015-04-09 18:20 - 11028616 _____ (SurfRight B.V.) C:\Users\ACER\Desktop\HitmanPro_x64.exe
2015-04-09 18:24 - 2015-04-09 18:19 - 00165376 _____ () C:\Users\ACER\Desktop\SystemLook_x64.exe
2015-04-09 18:24 - 2015-04-09 18:14 - 00852607 _____ () C:\Users\ACER\Desktop\SecurityCheck.exe
2015-04-09 18:24 - 2015-04-09 18:10 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
2015-04-09 17:35 - 2015-04-09 17:37 - 00041142 _____ () C:\Users\ACER\Desktop\Addition1 (1).txt
2015-04-09 17:33 - 2015-04-10 14:44 - 00019139 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-09 17:33 - 2015-04-10 14:44 - 00000000 ____D () C:\FRST
2015-04-09 17:33 - 2015-04-09 17:37 - 00068714 _____ () C:\Users\ACER\Desktop\Addition1 (2).txt
2015-04-09 17:32 - 2015-04-09 17:33 - 02095616 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2015-04-09 17:21 - 2015-04-09 17:21 - 00447066 _____ () C:\Users\ACER\Desktop\mbam1.txt
2015-04-09 16:35 - 2015-04-09 16:35 - 00001244 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\Program Files (x86)\Wartung
2015-04-09 16:32 - 2015-04-09 16:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ACER\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-07 19:21 - 2015-04-07 19:21 - 00003758 _____ () C:\Windows\System32\Tasks\RunTool
2015-04-07 19:20 - 2015-04-07 19:20 - 00000000 ____D () C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e
2015-04-07 17:57 - 2015-04-07 17:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-07 17:57 - 2015-04-07 17:57 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-30 19:17 - 2015-04-09 20:09 - 00000000 ____D () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server_files
2015-03-30 19:17 - 2015-03-30 19:17 - 00026068 _____ () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server.html
2015-03-26 00:50 - 2015-03-26 00:51 - 00243648 _____ () C:\Users\ACER\Downloads\Firefox Setup Stub 36.0.4.exe
2015-03-25 23:55 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:59 - 2015-03-25 00:59 - 00001284 _____ () C:\Users\ACER\Desktop\Revo Uninstaller.lnk
2015-03-25 00:58 - 2015-03-25 00:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ACER\Downloads\revosetup95.exe
2015-03-25 00:43 - 2015-03-25 00:44 - 40909304 _____ () C:\Users\ACER\Downloads\Firefox_Setup_36.0.4.exe
2015-03-22 20:03 - 2015-03-22 23:45 - 00000000 ____D () C:\Users\ACER\Documents\DoctorPC
2015-03-19 23:40 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-19 23:40 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-19 23:37 - 2015-03-19 23:37 - 29419944 _____ (Oracle Corporation) C:\Users\ACER\Downloads\jre-7u60-windows.exe
2015-03-19 16:05 - 2015-03-19 16:05 - 00289248 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgwfpa.sys
2015-03-18 23:50 - 2015-03-18 23:50 - 01055936 _____ (Adobe) C:\Users\ACER\Downloads\install_flashplayer17x32_mssa_aaa_aih(1).exe
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 ____D () C:\49ccf6f8-46c9-4f2f-b88e-36981013ca66
2015-03-17 13:30 - 2015-03-17 14:19 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos
2015-03-17 13:30 - 2015-03-17 13:43 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos VPN
2015-03-17 13:21 - 2015-03-17 13:21 - 00003144 _____ () C:\Windows\System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB}
2015-03-17 00:46 - 2015-03-17 00:46 - 00613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp
2015-03-17 00:45 - 2015-04-09 19:23 - 00000000 ____D () C:\ProgramData\USNmLER
2015-03-17 00:26 - 2015-03-17 00:26 - 00000000 ____D () C:\Users\ACER\Documents\StreamTransport
2015-03-17 00:08 - 2015-03-17 00:08 - 00001038 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
2015-03-17 00:08 - 2015-03-17 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-03-17 00:07 - 2015-03-17 00:08 - 00000000 ____D () C:\Program Files\Tracker Software
2015-03-15 20:14 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-15 20:14 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-15 20:14 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-15 20:14 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-15 20:14 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-15 20:14 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-15 20:14 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-15 20:14 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-15 20:14 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-15 20:14 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-15 20:14 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-15 20:14 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-15 20:14 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-15 20:14 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-15 20:14 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-15 20:14 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-15 20:14 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-15 20:14 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-15 20:14 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-15 20:14 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-15 20:14 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-15 20:14 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-15 20:14 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-15 20:14 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-15 20:14 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-15 20:14 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-15 20:14 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-15 20:14 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-15 20:14 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-15 20:14 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-15 20:14 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-15 20:14 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-15 20:14 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 20:14 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-15 20:14 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-15 20:14 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 20:14 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-15 20:14 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-15 20:14 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-15 20:14 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-15 20:14 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-15 20:14 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-15 20:14 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-15 20:14 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-15 20:14 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-15 20:14 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-15 20:14 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-15 20:13 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-15 20:13 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-15 19:53 - 2015-03-15 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Eigenständige Version von Link Scanner
2015-03-11 18:30 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 18:30 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 18:30 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 18:30 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 18:30 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 18:30 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 18:30 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 18:30 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 18:30 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:30 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 18:30 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 18:30 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 18:30 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 18:29 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 18:29 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 18:29 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 18:29 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 18:29 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 18:29 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 18:29 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 18:29 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 18:29 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 18:29 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 18:29 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 18:29 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 18:29 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 18:29 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 18:29 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 18:29 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 18:29 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 18:29 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:29 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 18:29 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 18:29 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 18:29 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 18:29 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 18:29 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 18:29 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 18:29 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 18:29 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 18:29 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 18:29 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:29 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 18:29 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 18:29 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 18:29 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:29 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 18:29 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:29 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:29 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 18:29 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 18:29 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 18:29 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:29 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:29 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 18:29 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 18:29 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:29 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-10 14:42 - 2014-08-14 19:23 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Skype
2015-04-10 14:41 - 2014-11-19 12:34 - 00000000 __RDO () C:\Users\ACER\OneDrive
2015-04-10 14:41 - 2014-07-26 19:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 14:40 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 14:34 - 2014-11-25 22:59 - 00215040 ___SH () C:\Users\ACER\Downloads\Thumbs.db
2015-04-10 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-10 12:49 - 2013-12-19 19:56 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-04-10 12:49 - 2013-12-19 19:56 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-04-10 12:49 - 2013-09-06 09:08 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 12:40 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-10 11:36 - 2014-02-15 21:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{24C2E650-C124-4299-A085-B8D56F0EF902}
2015-04-10 11:23 - 2014-09-24 13:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-09 21:57 - 2013-12-19 11:25 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-09 21:56 - 2014-05-20 23:17 - 00205312 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2015-04-09 21:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 21:24 - 2014-04-15 19:52 - 00000000 ____D () C:\Users\ACER\AppData\Local\CrashDumps
2015-04-09 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-09 20:30 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-09 18:34 - 2014-08-14 13:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 18:29 - 2014-09-09 20:31 - 00000000 ____D () C:\AdwCleaner
2015-04-09 18:28 - 2014-02-15 04:01 - 00000000 ____D () C:\Users\ACER
2015-04-09 17:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-05 22:27 - 2014-09-24 13:08 - 00001001 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-26 23:08 - 2014-12-13 01:03 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 23:08 - 2014-07-10 22:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 18:31 - 2015-03-06 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 00:00 - 2014-05-02 22:32 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\vlc
2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\servicing
2015-03-21 19:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration
2015-03-21 19:22 - 2014-05-02 23:19 - 00000000 ____D () C:\Users\ACER\AppData\Local\Google
2015-03-20 01:01 - 2014-07-10 21:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Adobe
2015-03-18 23:53 - 2013-09-06 09:16 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-18 01:26 - 2014-05-13 18:09 - 00000000 ____D () C:\Program Files\Recuva
2015-03-17 06:15 - 2014-08-14 13:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-08-14 13:33 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-08-14 13:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 00:54 - 2014-05-02 23:19 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 22:54 - 2013-08-22 16:44 - 00365096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-15 23:27 - 2014-04-05 17:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-15 23:22 - 2014-04-05 17:04 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-08-06 16:51 - 2014-08-12 11:40 - 0016958 _____ () C:\Users\ACER\AppData\Local\gem.ico
2014-08-06 16:51 - 2014-08-12 11:40 - 0127112 _____ () C:\Users\ACER\AppData\Local\mybet.ico
2014-08-12 13:34 - 2014-08-12 13:34 - 0575544 _____ (ClickMeIn Limited) C:\Users\ACER\AppData\Local\nsgAB37.tmp
2015-03-17 00:46 - 2015-03-17 00:46 - 0613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp
2014-08-10 23:02 - 2014-08-10 23:02 - 0000932 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel
2014-04-05 16:34 - 2014-04-05 16:34 - 0000017 _____ () C:\Users\ACER\AppData\Local\resmon.resmoncfg
2013-12-19 11:30 - 2013-12-19 11:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\playerfile.exe
C:\Users\ACER\AppData\Local\Temp\Quarantine.exe
C:\Users\ACER\AppData\Local\Temp\sqlite3.dll
C:\Users\ACER\AppData\Local\Temp\sysad.exe
C:\Users\ACER\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\ACER\AppData\Local\Temp\System.Data.SQLitefebd4d65-44d5-43c3-99cd-f86769a9229e.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-09 17:41
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by ACER at 2015-04-10 14:45:53
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
AMD Catalyst Install Manager (HKLM\...\{4465D909-4FA8-86D2-121C-676BB60E63D7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Restore Points =========================
22-03-2015 19:49:29 LavasoftWeCompanion
26-03-2015 23:05:06 Windows Update
07-04-2015 17:55:26 Windows Modules Installer
09-04-2015 20:29:37 Windows Modules Installer
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1E0A6BB6-7981-45CC-99D3-AEBB5D8A1989} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {1FE1F153-7E78-4A28-B2A5-B8CA66D682AD} - System32\Tasks\{842D99C5-0D6E-48C7-83F2-B720256ADA68} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
Task: {245AF862-9C26-4B71-BB65-94A50076E3CE} - System32\Tasks\{1ED86A35-2052-46D9-A721-FB3E769F7F82} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {34D9F19F-CE91-49AA-8674-58171BE3E021} - System32\Tasks\ApplicationCompatibilityauf => C:\Windows\hh64.exe
Task: {539332B6-50AB-4186-9424-B9F14CAB0676} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {546301A8-A38F-4790-8FE8-42EC180792ED} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {566B7660-B965-40DE-AEE5-4E3D72938FA1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {5F846995-83DC-41BD-964E-5212158849BA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {66547D75-40C9-45E4-80EB-819DDC3EFB83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7243063F-46DB-4B6F-9F8F-C2B76FBB2143} - System32\Tasks\RunTool => C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e\sysad.exe [2015-04-07] ()
Task: {813FEA59-09A6-4910-B7AD-649A244B7768} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {8782D9F2-F096-4E66-ACB1-BBB5E85B0B3B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {88E7F1A6-3270-4367-B5DC-45E11201880E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-15] (Microsoft Corporation)
Task: {97B2FCA8-1A10-4F37-974D-27F0458C3C6E} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe
Task: {99958243-F6DF-44B9-B1D3-9E7746D277F7} - System32\Tasks\ACER NBAgent 15 0 => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe
Task: {9DF5D28C-8F74-4CC1-A387-2DC5D32FD33A} - System32\Tasks\{ECDF465A-384D-497E-A7AE-64738EA892B9} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {A36A8105-6733-490B-9484-67E0FC475D6B} - System32\Tasks\{1CFB0DF4-9366-48BE-9892-3A05990E270D} => pcalua.exe -a "C:\Program Files (x86)\FotoWorksXL2014\unins000.exe"
Task: {A57CCAB0-A3AC-46CE-B006-2972C6656911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {C8058DA3-E360-4493-BCFE-8B0199E8055C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {CA1B2D26-5F6B-4B1C-BD39-CF4124E1E5A8} - System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB} => pcalua.exe -a C:\Users\ACER\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {D351BB32-A757-413A-8958-145F7C599493} - System32\Tasks\{8E512067-F40B-4D10-A757-348220C989E8} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {D3CA65F7-0742-4C68-9447-508938417B63} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E84E0E46-245F-4B45-831C-8D255E559D31} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F83946E6-618D-47B7-9983-7ADF170A6A5B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {FC0BF0FE-C410-40C7-98C4-4FC043D1A27E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-04-06 15:04 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-12-03 01:16 - 2014-12-03 01:16 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-11-21 19:26 - 2014-06-04 11:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-21 19:26 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\ACER\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: 3a37b93a => 2
MSCONFIG\Services: bobyzoom => 2
MSCONFIG\Services: bzwdg => 2
MSCONFIG\Services: DoReMe => 2
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: PCSUService => 2
MSCONFIG\Services: rWdwohv => 2
MSCONFIG\Services: SCService => 2
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKLM\...\StartupApproved\Run32: => "fst_de_135"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "eM Client"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "PCSpeedUp"
==================== Accounts: =============================
ACER (S-1-5-21-285109389-3928928740-2186509083-1001 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-285109389-3928928740-2186509083-500 - Administrator - Disabled)
Gast (S-1-5-21-285109389-3928928740-2186509083-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-285109389-3928928740-2186509083-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Dell 3333dn
Description: Dell 3333dn
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/10/2015 00:51:36 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.
Error: (04/09/2015 08:40:12 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.
Error: (04/09/2015 08:28:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 12f8
Startzeit: 01d072f2376749d6
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 2b77d53b-dee6-11e4-82bc-3065ec2c4a51
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (04/09/2015 07:51:49 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.
Error: (04/09/2015 05:50:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bzdap.exe, Version: 1.1.0.30, Zeitstempel: 0x550ef690
Name des fehlerhaften Moduls: bobyzoomutil32.dll, Version: 1.1.0.30, Zeitstempel: 0x550ef681
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006708
ID des fehlerhaften Prozesses: 0x1e7c
Startzeit der fehlerhaften Anwendung: 0xbzdap.exe0
Pfad der fehlerhaften Anwendung: bzdap.exe1
Pfad des fehlerhaften Moduls: bzdap.exe2
Berichtskennung: bzdap.exe3
Vollständiger Name des fehlerhaften Pakets: bzdap.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: bzdap.exe5
Error: (04/08/2015 03:37:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bzagnt.exe, Version: 1.1.0.30, Zeitstempel: 0x550ef681
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004264d
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0xbzagnt.exe0
Pfad der fehlerhaften Anwendung: bzagnt.exe1
Pfad des fehlerhaften Moduls: bzagnt.exe2
Berichtskennung: bzagnt.exe3
Vollständiger Name des fehlerhaften Pakets: bzagnt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: bzagnt.exe5
Error: (04/07/2015 07:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.9600.17415, Zeitstempel: 0x545046f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000e5934
ID des fehlerhaften Prozesses: 0x175c
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3
Vollständiger Name des fehlerhaften Pakets: wmplayer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wmplayer.exe5
Error: (04/07/2015 07:19:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm sllauncher.exe, Version 5.1.30514.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e60
Startzeit: 01d07156f371b757
Endzeit: 93
Anwendungspfad: C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
Berichts-ID: 4d7f0550-dd4a-11e4-82b6-3065ec2c4a51
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/07/2015 05:58:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACERPC)
Description: Bei der Aktivierung der App „winstore_cw5n1h2txyewy!Windows.Store“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/07/2015 05:57:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ACERPC)
Description: Die App „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
System errors:
=============
Error: (04/10/2015 02:39:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Firewall Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/10/2015 00:45:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (04/10/2015 00:44:15 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030}
Error: (04/10/2015 00:44:14 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/10/2015 00:44:08 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/10/2015 00:43:52 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (04/10/2015 00:43:52 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (04/10/2015 00:43:52 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/10/2015 00:43:46 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/10/2015 00:43:40 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Microsoft Office Sessions:
=========================
Error: (04/10/2015 00:51:36 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/09/2015 08:40:12 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/09/2015 08:28:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068912f801d072f2376749d64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2b77d53b-dee6-11e4-82bc-3065ec2c4a51microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (04/09/2015 07:51:49 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/09/2015 05:50:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bzdap.exe1.1.0.30550ef690bobyzoomutil32.dll1.1.0.30550ef681c0000005000067081e7c01d072ce2f312a41C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exeC:\ProgramData\bobyzoom\1.1.0.30\bobyzoomutil32.dll2adb94ba-ded0-11e4-82b6-3065ec2c4a51
Error: (04/08/2015 03:37:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bzagnt.exe1.1.0.30550ef681ntdll.dll6.3.9600.1766854c846bbc00000050004264d71c01d064ede87a1922C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exeC:\Windows\SYSTEM32\ntdll.dll7615798f-ddf4-11e4-82b6-3065ec2c4a51
Error: (04/07/2015 07:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmplayer.exe12.0.9600.17415545046f0ntdll.dll6.3.9600.1766854c846bbc0000374000e5934175c01d0715733affd1fC:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Windows\SYSTEM32\ntdll.dll76809a53-dd4a-11e4-82b6-3065ec2c4a51
Error: (04/07/2015 07:19:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: sllauncher.exe5.1.30514.0e6001d07156f371b75793C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe4d7f0550-dd4a-11e4-82b6-3065ec2c4a51
Error: (04/07/2015 05:58:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACERPC)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142
Error: (04/07/2015 05:57:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ACERPC)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store
CodeIntegrity Errors:
===================================
Date: 2015-03-19 22:55:38.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-19 22:55:38.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-19 22:55:37.543
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-19 22:55:34.840
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-19 22:55:34.090
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-17 15:24:43.700
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-17 15:24:43.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-17 15:23:10.240
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-17 15:23:09.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-17 15:23:08.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
|
|
10.04.2015, 15:46
| #2 |
| /// the machine /// TB-Ausbilder    | Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Hi,
__________________wer hat die fixlist erstellt??? Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ |
|
10.04.2015, 15:58
| #3 |
| | Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Hallo Schrauber,
__________________die fixlist habe ich erstellt. War hoffentlich nicht allzu dilettantisch!?  Ich dachte, ich könnte Euch Arbeit ersparen ...Code:
ATTFilter Farbar Service Scanner Version: 17-01-2015
Ran by ACER (administrator) on 10-04-2015 at 16:51:46
Running from "C:\Users\ACER\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Geändert von Riddle (10.04.2015 um 16:31 Uhr) |
|
11.04.2015, 07:21
| #4 |
| /// the machine /// TB-Ausbilder | Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter IFEO\b9eg190.exe: [Debugger] TaskList.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\spyhunter.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Extension: suncultsfnet - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net [2015-03-23]
FF Extension: OkayFreedom - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-17]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Windows Repair Tool laufen lassen: Windows reparieren - so geht's - Anleitungen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.04.2015, 08:14
| #5 |
| | Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Guten Morgen, hier das Logfile: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by ACER at 2015-04-11 09:08:42 Run:2
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
IFEO\b9eg190.exe: [Debugger] TaskList.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\spyhunter.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Extension: suncultsfnet - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net [2015-03-23]
FF Extension: OkayFreedom - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-17]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Emptytemp:
*****************
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\b9eg190.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spyhunter.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajam.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5649E217-8764-48F7-A498-BBC2C0C9D66F}" => Key deleted successfully.
HKCR\CLSID\{5649E217-8764-48F7-A498-BBC2C0C9D66F} => Key not found.
"HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E8C4DD6-E11D-485A-94C1-9B4760A70C26}" => Key deleted successfully.
HKCR\CLSID\{5E8C4DD6-E11D-485A-94C1-9B4760A70C26} => Key not found.
"HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
esgiguard => Service deleted successfully.
EmptyTemp: => Removed 291.8 MB temporary data.
The system needed a reboot.
==== End of Fixlog 09:09:16 ====
|
|
11.04.2015, 18:08
| #6 |
| /// the machine /// TB-Ausbilder | Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Repair Tool gemacht? Frisches FRST log bitte. Noch Probleme?
__________________ --> Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert |
|
12.04.2015, 09:02
| #7 |
| | Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Die Anweisung mit dem Repair Tool hatte ich glatt übersehen ... Habe ich jetzt im abgesicherten Modus nachgeholt. Bin mir nicht sicher, ob alles fehlerfrei durchgelaufen ist, die Meldungen sind aber teilweise so schnell wieder verschwunden. Der 1. Neustart war auch etwas ungewöhnlich. Windows startete mit einem schwarzen Bildschirm und geöffnetem IE. Erst als ich den geschlossen habe, zeigte sich Windows mit dem normalen Desktop. (Noch habe ich keinen weiteren Neustart gemacht.) Windows Defender läuft wieder. Den AVG Linkscanner habe ich gestern deinstalliert und AVG Remover ausgeführt. Eine Neuinstallation von AVG funktioniert aber nicht. Fehler 0xC0070652. Angeblich läuft eine 2. Installation, die erst beendet werden soll. Gleiches Verhalten vor und nach Repair Tool. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by ACER (administrator) on ACERPC on 12-04-2015 09:40:25
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58242;https=127.0.0.1:58242
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmailer.1und1.de/;jsessionid=F5A3C1717E85CA067EEE8F0E32334521.TCpfix220a
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {96CDA478-1897-4269-AD80-9D87EC5DB261} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {96CDA478-1897-4269-AD80-9D87EC5DB261} URL = https://duckduckgo.com/?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-05-23] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: https://www.startpage.com
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-285109389-3928928740-2186509083-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: 1&1 MailCheck - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\toolbar@1und1.de [2015-02-26]
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17]
CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-17]
CHR Extension: (Avira Browser Safety) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-285109389-3928928740-2186509083-1001) OperaMail - "C:\Users\ACER\AppData\Local\Opera Mail\OperaMail.exe"
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3053312 2014-06-26] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Wartung\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-02-26] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 21:40 - 2015-04-11 21:37 - 02701841 _____ () C:\Users\ACER\Desktop\CBS.log
2015-04-11 20:20 - 2015-04-11 20:20 - 00000000 ____D () C:\Users\ACER\Downloads\tweaking.com_windows_repair_aio
2015-04-11 20:16 - 2015-04-11 20:17 - 10661081 _____ () C:\Users\ACER\Downloads\tweaking.com_windows_repair_aio.zip
2015-04-11 12:47 - 2015-04-11 12:48 - 01565744 _____ () C:\Users\ACER\Downloads\AVG_Remover_en.exe
2015-04-11 12:45 - 2015-04-11 12:45 - 00084759 _____ () C:\Users\ACER\Desktop\AVGInstLog.cab
2015-04-11 12:29 - 2015-04-12 09:28 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-11 12:29 - 2015-04-11 12:29 - 00000000 ____D () C:\Users\ACER\AppData\Local\MFAData
2015-04-11 12:29 - 2015-04-11 12:29 - 00000000 ____D () C:\Users\ACER\AppData\Local\Avg2015
2015-04-11 12:25 - 2015-04-12 09:15 - 00098232 _____ () C:\Windows\PFRO.log
2015-04-11 12:23 - 2015-04-11 12:25 - 00471572 _____ () C:\Users\ACER\Desktop\avgremover.log
2015-04-11 12:05 - 2015-04-11 12:18 - 183952072 _____ (AVG Technologies) C:\Users\ACER\Downloads\avg_free_x64_all_2015_ltst_221_5863.exe
2015-04-11 12:03 - 2015-04-11 12:03 - 03691688 _____ () C:\Users\ACER\Downloads\AVG_Remover_2015.zip
2015-04-10 18:46 - 2015-04-12 09:30 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-285109389-3928928740-2186509083-1001
2015-04-10 18:41 - 2015-04-10 18:41 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-10 18:41 - 2015-04-10 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-10 16:51 - 2015-04-10 16:51 - 00002794 _____ () C:\Users\ACER\Desktop\FSS.txt
2015-04-10 16:51 - 2015-04-10 16:49 - 00415232 _____ (Farbar) C:\Users\ACER\Desktop\FSS.exe
2015-04-10 15:56 - 2015-04-10 15:56 - 00006858 _____ () C:\Users\ACER\Desktop\HitmanPro_20150410_1556.log
2015-04-10 15:48 - 2015-04-10 16:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-10 15:48 - 2015-04-10 15:48 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-10 14:13 - 2015-04-11 11:34 - 00000031 _____ () C:\Users\ACER\Desktop\Neues Textdokument.txt
2015-04-10 12:07 - 2015-04-12 09:19 - 00001839 _____ () C:\Windows\setupact.log
2015-04-10 12:07 - 2015-04-10 12:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-10 11:17 - 2015-04-12 09:37 - 00921160 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 20:35 - 2015-04-09 20:35 - 00001454 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-09 19:59 - 2015-04-10 14:46 - 00030440 _____ () C:\Users\ACER\Desktop\Addition.txt
2015-04-09 19:28 - 2015-04-09 19:28 - 00001002 _____ () C:\Users\ACER\Desktop\JRT.txt
2015-04-09 19:26 - 2015-04-09 19:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ACERPC-Windows-8.1-(64-bit).dat
2015-04-09 19:26 - 2015-04-09 19:26 - 00000000 ____D () C:\RegBackup
2015-04-09 19:20 - 2015-04-09 19:20 - 00010195 _____ () C:\Users\ACER\Desktop\mbam2.txt
2015-04-09 18:32 - 2015-04-09 18:32 - 00000713 _____ () C:\Users\ACER\Desktop\AdwCleaner - Verknüpfung.lnk
2015-04-09 18:24 - 2015-04-09 18:21 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe
2015-04-09 18:24 - 2015-04-09 18:20 - 11028616 _____ (SurfRight B.V.) C:\Users\ACER\Desktop\HitmanPro_x64.exe
2015-04-09 18:24 - 2015-04-09 18:19 - 00165376 _____ () C:\Users\ACER\Desktop\SystemLook_x64.exe
2015-04-09 18:24 - 2015-04-09 18:14 - 00852607 _____ () C:\Users\ACER\Desktop\SecurityCheck.exe
2015-04-09 18:24 - 2015-04-09 18:10 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
2015-04-09 17:35 - 2015-04-09 17:37 - 00041142 _____ () C:\Users\ACER\Desktop\Addition1 (1).txt
2015-04-09 17:33 - 2015-04-12 09:40 - 00015637 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-09 17:33 - 2015-04-12 09:40 - 00000000 ____D () C:\FRST
2015-04-09 17:33 - 2015-04-09 17:37 - 00068714 _____ () C:\Users\ACER\Desktop\Addition1 (2).txt
2015-04-09 17:32 - 2015-04-09 17:33 - 02095616 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2015-04-09 17:21 - 2015-04-09 17:21 - 00447066 _____ () C:\Users\ACER\Desktop\mbam1.txt
2015-04-09 16:35 - 2015-04-09 16:35 - 00001244 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\Program Files (x86)\Wartung
2015-04-09 16:32 - 2015-04-09 16:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ACER\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-07 19:21 - 2015-04-07 19:21 - 00003758 _____ () C:\Windows\System32\Tasks\RunTool
2015-04-07 19:20 - 2015-04-07 19:20 - 00000000 ____D () C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e
2015-04-07 17:57 - 2015-04-07 17:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-07 17:57 - 2015-04-07 17:57 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-30 19:17 - 2015-04-09 20:09 - 00000000 ____D () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server_files
2015-03-30 19:17 - 2015-03-30 19:17 - 00026068 _____ () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server.html
2015-03-25 23:55 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 23:55 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:59 - 2015-03-25 00:59 - 00001284 _____ () C:\Users\ACER\Desktop\Revo Uninstaller.lnk
2015-03-25 00:58 - 2015-03-25 00:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ACER\Downloads\revosetup95.exe
2015-03-19 23:40 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-19 23:40 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 ____D () C:\49ccf6f8-46c9-4f2f-b88e-36981013ca66
2015-03-17 13:30 - 2015-03-17 14:19 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos
2015-03-17 13:30 - 2015-03-17 13:43 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos VPN
2015-03-17 13:21 - 2015-03-17 13:21 - 00003144 _____ () C:\Windows\System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB}
2015-03-17 00:46 - 2015-03-17 00:46 - 00613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp
2015-03-17 00:26 - 2015-03-17 00:26 - 00000000 ____D () C:\Users\ACER\Documents\StreamTransport
2015-03-17 00:08 - 2015-03-17 00:08 - 00001038 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
2015-03-17 00:08 - 2015-03-17 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-03-17 00:07 - 2015-03-17 00:08 - 00000000 ____D () C:\Program Files\Tracker Software
2015-03-15 20:14 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-15 20:14 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-15 20:14 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-15 20:14 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-15 20:14 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-15 20:14 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-15 20:14 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-15 20:14 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-15 20:14 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-15 20:14 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-15 20:14 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-15 20:14 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-15 20:14 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-15 20:14 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-15 20:14 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-15 20:14 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-15 20:14 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-15 20:14 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-15 20:14 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-15 20:14 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-15 20:14 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-15 20:14 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-15 20:14 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-15 20:14 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-15 20:14 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-15 20:14 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-15 20:14 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-15 20:14 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-15 20:14 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-15 20:14 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-15 20:14 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-15 20:14 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-15 20:14 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 20:14 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-15 20:14 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-15 20:14 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 20:14 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-15 20:14 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-15 20:14 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-15 20:14 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-15 20:14 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-15 20:14 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-15 20:14 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-15 20:14 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-15 20:14 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-15 20:14 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-15 20:14 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-15 20:13 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-15 20:13 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 09:41 - 2014-07-26 19:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 09:32 - 2014-08-14 19:23 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Skype
2015-04-12 09:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-12 09:26 - 2014-02-15 21:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{24C2E650-C124-4299-A085-B8D56F0EF902}
2015-04-12 09:25 - 2014-11-19 12:34 - 00000000 __RDO () C:\Users\ACER\OneDrive
2015-04-12 09:25 - 2014-05-20 23:17 - 00205312 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2015-04-12 09:24 - 2013-12-19 19:56 - 00660862 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 09:24 - 2013-12-19 19:56 - 00134562 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 09:24 - 2013-09-06 09:08 - 01561384 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 09:20 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 09:19 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-12 09:15 - 2013-08-22 16:44 - 00365096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-11 22:10 - 2013-08-22 15:25 - 00000160 _____ () C:\Windows\win.ini
2015-04-11 20:25 - 2014-08-14 15:07 - 00000000 ____D () C:\Windows\pss
2015-04-11 13:29 - 2013-12-19 11:25 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-11 12:32 - 2014-09-24 13:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-11 12:22 - 2014-09-09 17:11 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\ACER\Desktop\avg_remover_stf_x64_2015_5501.exe
2015-04-10 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-10 18:41 - 2015-03-06 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-10 15:15 - 2014-09-09 20:31 - 00000000 ____D () C:\AdwCleaner
2015-04-10 14:34 - 2014-11-25 22:59 - 00215040 ___SH () C:\Users\ACER\Downloads\Thumbs.db
2015-04-09 21:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 21:24 - 2014-04-15 19:52 - 00000000 ____D () C:\Users\ACER\AppData\Local\CrashDumps
2015-04-09 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-09 20:30 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-09 18:34 - 2014-08-14 13:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 18:28 - 2014-02-15 04:01 - 00000000 ____D () C:\Users\ACER
2015-03-26 23:08 - 2014-12-13 01:03 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 23:08 - 2014-07-10 22:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 00:00 - 2014-05-02 22:32 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\vlc
2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\servicing
2015-03-21 19:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration
2015-03-21 19:22 - 2014-05-02 23:19 - 00000000 ____D () C:\Users\ACER\AppData\Local\Google
2015-03-20 01:01 - 2014-07-10 21:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Adobe
2015-03-18 01:26 - 2014-05-13 18:09 - 00000000 ____D () C:\Program Files\Recuva
2015-03-17 06:15 - 2014-08-14 13:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-08-14 13:33 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-08-14 13:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 00:54 - 2014-05-02 23:19 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-15 23:27 - 2014-04-05 17:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-15 23:22 - 2014-04-05 17:04 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-08-06 16:51 - 2014-08-12 11:40 - 0016958 _____ () C:\Users\ACER\AppData\Local\gem.ico
2014-08-06 16:51 - 2014-08-12 11:40 - 0127112 _____ () C:\Users\ACER\AppData\Local\mybet.ico
2014-08-12 13:34 - 2014-08-12 13:34 - 0575544 _____ (ClickMeIn Limited) C:\Users\ACER\AppData\Local\nsgAB37.tmp
2015-03-17 00:46 - 2015-03-17 00:46 - 0613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp
2014-08-10 23:02 - 2014-08-10 23:02 - 0000932 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel
2014-04-05 16:34 - 2014-04-05 16:34 - 0000017 _____ () C:\Users\ACER\AppData\Local\resmon.resmoncfg
2013-12-19 11:30 - 2013-12-19 11:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-09 17:41
==================== End Of Log ============================
--- --- --- |
|
12.04.2015, 10:21
| #8 |
| /// the machine /// TB-Ausbilder | Win 8.1: Crossbrowse, massenhaft Werbung, durch Gruppenrichtlinien blockiert Nochmal sauber Neustarten bitte. Dann: FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide logs.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
