
All kinds of pests and how to combat them: Crypto Wall 3.0 and surely even more on a netbook


25.05.2015, 15:57   #1
Avdalim
 
Hello everyone,
my mother and my brother used this PC for a year or more without antivirus software.
A lot of malware has surely accumulated in the process. The most obvious case is Crypto Wall 3.0. I know that I cannot decrypt the data, but I would like to clean out the PC completely without having to reinstall Windows, because 1. that is quite laborious for a netbook and 2. the key on the underside is no longer readable, lol.
First the FRST log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by Acer (administrator) on ACER-PC on 25-05-2015 16:08:00
Running from C:\Users\Acer\Desktop
Loaded Profiles: Acer (Available Profiles: Acer & Hearthstone)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5765\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4056\Agent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1157640 2009-10-07] (Dritek System Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\...\Run: [c04c6eb] => C:\c04c6eb1\c04c6eb1.exe [266240 2015-05-25] ()
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\...\Run: [c04c6eb1] => C:\Users\Acer\AppData\Roaming\c04c6eb1.exe [266240 2015-05-25] ()
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\...\RunOnce: [*04c6eb] => C:\c04c6eb1\c04c6eb1.exe [266240 2015-05-25] ()
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\...\RunOnce: [*04c6eb1] => C:\Users\Acer\AppData\Roaming\c04c6eb1.exe [266240 2015-05-25] ()
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [432672 2009-10-23] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-05] (Microsoft Corporation)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c04c6eb1.exe [2015-05-25] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-05-20] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-05-20] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-05-20] ()
InternetURL: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.fedpayopinion.com/16vfacm
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2015-04-13]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:8880;https=127.0.0.1:8880
ProxyServer: [S-1-5-21-703194281-1064979597-3007394612-1000] => http=127.0.0.1:8880;https=127.0.0.1:8880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-703194281-1064979597-3007394612-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE494DE494
SearchScopes: HKU\S-1-5-21-703194281-1064979597-3007394612-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-18] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-703194281-1064979597-3007394612-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-help - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\0870pk92.default-1414758238315
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-08-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-703194281-1064979597-3007394612-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-703194281-1064979597-3007394612-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Extension: ProxTube - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\0870pk92.default-1414758238315\Extensions\ich@maltegoetz.de.xpi [2014-11-20]
FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\0870pk92.default-1414758238315\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-20]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.6) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-24]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-07-28]
CHR Extension: (Skype Click to Call) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-17]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
         
Then the Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Acer at 2015-05-25 16:07:14
Running from C:\Users\Acer\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Acer (S-1-5-21-703194281-1064979597-3007394612-1000 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-703194281-1064979597-3007394612-500 - Administrator - Disabled)
Gast (S-1-5-21-703194281-1064979597-3007394612-501 - Limited - Disabled)
Hearthstone (S-1-5-21-703194281-1064979597-3007394612-1001 - Administrator - Enabled) => C:\Users\Hearthstone

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acer Crystal Eye webcam Ver:1.1.121.1113 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.121.1113 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.2.1026 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoolPic - Fun Social Pictures 2.0.0.429 (HKLM\...\{FEFE89E5-A43F-4f4b-8211-B11D91D02135}_is1) (Version:  - Bitcoktail) <==== ATTENTION
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
First Class Flurry (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Google Chrome (HKU\S-1-5-21-703194281-1064979597-3007394612-1000\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Granny In Paradise (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.1929 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java(TM) 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 3.0.07 - Acer Inc.)
LuPO 1.0.2.45 (HKLM\...\LuPO_is1) (Version:  - Ministerium für Schule, Wissenschaft und Forschung NRW)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5999 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.12.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WBC Engine 2.0.0.429 (HKLM\...\{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}_is1) (Version:  - Bitcocktail)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Driver Package - ENE (EUCR) USB  (11/23/2009 5.89.0.62) (HKLM\...\BBEC16685668EB1D6F3D05051DD7314B66370C9F) (Version: 11/23/2009 5.89.0.62 - ENE)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Acer\AppData\Local\Google\Chrome\Application\43.0.2357.65\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-703194281-1064979597-3007394612-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {264ED577-F129-4E60-A530-843498FA770C} - System32\Tasks\{CB5067E3-B125-46AC-942A-5E634AE64EC5} => pcalua.exe -a "C:\Program Files\MediaPlayerplus\Uninstall.exe" -c /fcp=1
Task: {498FBC70-F8CB-4D6C-B9EA-6D759F35BF23} - System32\Tasks\Acer Registration Data Sending => C:\Program Files\Acer\Registration\GREG.exe [2009-08-28] (Acer Incorporated)
Task: {71947012-2457-4139-829F-E453D307E868} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-703194281-1064979597-3007394612-1000UA => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.)
Task: {75E68DBE-D8FA-4602-B91F-76F74903DB0A} - System32\Tasks\MySearchDial => C:\Users\Acer\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {88DDFD2C-B8DD-4B53-8F12-5AE6CBBB8727} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {90B08167-FE65-47C7-85E9-62C9C1402970} - System32\Tasks\pricemetertask => C:\Users\Acer\AppData\Local\PriceMeter\pricemeter.exe <==== ATTENTION
Task: {A7FB906E-CCA3-4F31-BBED-432DC9173F9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-703194281-1064979597-3007394612-1000Core => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.)
Task: {A8AFE8F6-522A-4010-99A7-6F78CC546C71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {CBCC301C-3212-49D6-AA76-C8C9323A55FD} - System32\Tasks\txppnourb => Rundll32.exe "C:\Windows\system32\cero6.dll",TNTLDLETZG
Task: {E1AC4C2D-7C5C-4BCF-9DC1-9C2F92D503FC} - System32\Tasks\{AE7B0074-FBC7-4F4C-9510-237F5A256380} => pcalua.exe -a C:\Users\Acer\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {E3F48ECC-4645-4029-8416-DBAD52EF403E} - System32\Tasks\{1238487B-F437-4BEF-B60F-EF284F33EB91} => pcalua.exe -a C:\Users\Acer\Downloads\New_PC_Studio_1.5.1.10064_2.exe -d C:\Users\Acer\Downloads
Task: {E92C45DA-4E4F-4CD0-AF33-AB70EAAE5DE2} - System32\Tasks\pricemeterwatcher => C:\Users\Acer\AppData\Local\PriceMeter\pricemeterw.exe <==== ATTENTION
Task: {E9839F3A-E0EC-4DDD-88E7-1F469DFC440E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {FA508817-CDD4-417F-8886-ED56835197A6} - System32\Tasks\Price Meter Updater => C:\Users\Acer\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Acer Registration Data Sending.job => C:\Program Files\Acer\Registration\GREG.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703194281-1064979597-3007394612-1000Core.job => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703194281-1064979597-3007394612-1000UA.job => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Acer\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\Acer\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\txppnourb.job => C:\Windows\system32\rundll32.exe C:\Windows\system32\cero6.dll

==================== Loaded Modules (Whitelisted) ==============

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5765\libcef.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5765\libGLESv2.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00908288 _____ () C:\Program Files\Battle.net\Battle.net.5765\platforms\qwindows.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5765\libEGL.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5765\imageformats\qgif.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5765\imageformats\qico.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5765\imageformats\qjpeg.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5765\imageformats\qmng.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5765\imageformats\qsvg.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5765\imageformats\qtiff.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5765\qml\QtQuick.2\qtquick2plugin.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5765\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-05-20 01:04 - 2015-05-20 01:05 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5765\qml\QtQml\Models.2\modelsplugin.dll
2014-07-22 00:03 - 2014-07-22 00:03 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-703194281-1064979597-3007394612-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PriceMeterW => "C:\Users\Acer\AppData\Local\PriceMeter\pricemeterw.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C489AA7-1FBF-44E3-954C-14B395D45964}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{EE526A68-4586-4593-90FC-D02899139E27}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{146A6EA6-1F6F-40A7-8BE6-51D2518F95B2}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{4BC5FBC2-16AB-4DC2-901D-16D0F2CFAC00}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A6936E4D-3884-4047-B23A-F86CE95949E5}] => (Allow) svchost.exe
FirewallRules: [{94DB9E46-C1F2-499A-8893-9690467F0D48}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B670233D-3066-4CD0-96C6-FCB1E008C22A}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{78B1C326-F9C2-4E6E-8A83-0B10CFA2E478}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{9330D8D9-EC93-4742-B961-EE4DD73CEFC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED6C2E5E-D02E-45CA-94B9-9FEED4D11FEB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{909CED19-2EC9-47D0-8A82-D9042E93E45F}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{79937DB1-D1A6-46B8-A065-F65D3DB37B79}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{64356724-9448-41DF-BA2A-D8CFCBF742D0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5165BAB5-2798-4554-81B7-A6B1D95FE1F2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4A8F5FA2-229D-4B44-BF7C-2612DDF849C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{40D0DEA1-C7E6-49C2-9AE9-D489514AFD3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6DD2CF39-E937-4918-B785-E66C172ABE86}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{697497F7-AD82-4EB8-A2D4-FAC544CB4198}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5D467112-2F34-4EFD-BBE1-6CE4AB88B3BA}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\acer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{32584A69-40F4-45DC-9506-8CADC4E3F61D}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\acer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{483CD658-7B2D-42F8-A94B-07A7867D4D65}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{088EFA58-307F-4A48-A2CF-C12C6962CEFD}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{54085194-84C3-4BE0-84DD-8F401BCAF92E}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe
FirewallRules: [{6C218018-3733-4E41-AABA-42F8825225FD}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 04:03:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_msvcrt.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000532ce
ID des fehlerhaften Prozesses: 0x8c4
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_msvcrt.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_msvcrt.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_msvcrt.dll2
Berichtskennung: rundll32.exe_msvcrt.dll3

Error: (05/25/2015 04:01:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.5.3004.0, Zeitstempel: 0x4ac2fb2d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0x80000003
Fehleroffset: 0x000637be
ID des fehlerhaften Prozesses: 0xbf8
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (05/25/2015 04:00:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtHDVCpl.exe, Version: 1.0.0.455, Zeitstempel: 0x4b1f35b2
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0x80000003
Fehleroffset: 0x000637be
ID des fehlerhaften Prozesses: 0xbe8
Startzeit der fehlerhaften Anwendung: 0xRtHDVCpl.exe0
Pfad der fehlerhaften Anwendung: RtHDVCpl.exe1
Pfad des fehlerhaften Moduls: RtHDVCpl.exe2
Berichtskennung: RtHDVCpl.exe3

Error: (05/25/2015 04:00:23 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070005, Zugriff verweigert
]

Error: (05/25/2015 04:00:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAAnotif.exe, Version: 8.9.0.1023, Zeitstempel: 0x4a287ce5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0x80000003
Fehleroffset: 0x000637be
ID des fehlerhaften Prozesses: 0xbe0
Startzeit der fehlerhaften Anwendung: 0xIAAnotif.exe0
Pfad der fehlerhaften Anwendung: IAAnotif.exe1
Pfad des fehlerhaften Moduls: IAAnotif.exe2
Berichtskennung: IAAnotif.exe3

Error: (05/25/2015 03:16:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0x80000003
Fehleroffset: 0x000637be
ID des fehlerhaften Prozesses: 0x6b8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/25/2015 03:16:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc225
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0x80000003
Fehleroffset: 0x000637be
ID des fehlerhaften Prozesses: 0x75c
Startzeit der fehlerhaften Anwendung: 0xDwm.exe0
Pfad der fehlerhaften Anwendung: Dwm.exe1
Pfad des fehlerhaften Moduls: Dwm.exe2
Berichtskennung: Dwm.exe3

Error: (05/25/2015 03:16:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070005, Zugriff verweigert
]

Error: (05/25/2015 03:15:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee407
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0x80000003
Fehleroffset: 0x000637be
ID des fehlerhaften Prozesses: 0x694
Startzeit der fehlerhaften Anwendung: 0xtaskhost.exe0
Pfad der fehlerhaften Anwendung: taskhost.exe1
Pfad des fehlerhaften Moduls: taskhost.exe2
Berichtskennung: taskhost.exe3

Error: (05/25/2015 03:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_msvcrt.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0069119a
ID des fehlerhaften Prozesses: 0xda4
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_msvcrt.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_msvcrt.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_msvcrt.dll2
Berichtskennung: rundll32.exe_msvcrt.dll3


System errors:
=============
Error: (05/25/2015 04:00:23 PM) (Source: DCOM) (EventID: 10016) (User: Acer-PC)
Description: AnwendungsspezifischLokalAktivierung{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Acer-PCAcerS-1-5-21-703194281-1064979597-3007394612-1000LocalHost (unter Verwendung von LRPC)

Error: (05/25/2015 03:16:02 PM) (Source: DCOM) (EventID: 10016) (User: Acer-PC)
Description: AnwendungsspezifischLokalAktivierung{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Acer-PCAcerS-1-5-21-703194281-1064979597-3007394612-1000LocalHost (unter Verwendung von LRPC)

Error: (05/25/2015 10:50:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 10:50:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/25/2015 10:50:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (05/25/2015 10:50:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/25/2015 10:50:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/25/2015 10:48:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/25/2015 10:48:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (05/25/2015 04:08:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706f7 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 SP1 x86 (KB3048070)


Microsoft Office:
=========================
Error: (04/13/2015 09:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6650.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 109 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-06-10 17:48:18.113
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 17:48:11.553
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 19:11:49.860
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 19:03:18.773
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 18:58:21.034
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 18:57:57.369
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 18:57:53.909
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 18:57:44.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 18:57:39.139
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 18:57:01.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 81%
Total physical RAM: 1013.23 MB
Available physical RAM: 191.18 MB
Total Pagefile: 2213.23 MB
Available Pagefile: 1073.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.51 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.78 GB) (Free:162.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1ED119A0)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
And the GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-25 16:48:32
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: 1vtdyi1s.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kwldrpob.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                     81C4C9A5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                       81C6C512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                      Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                      Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                     fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active           
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@BB9E1CF4  607
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@ED321CF4  615

---- EOF - GMER 2.1 ----
         

25.05.2015, 16:11   #2
Machiavelli

Quote:
my mother and my brother used this PC for 1 year or more without antivirus software.


Most of the FRST log is missing.

25.05.2015, 23:26   #3
Avdalim

Whoops, that was probably because frst.exe kept starting the scan over again.

Here is the complete FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by Acer (administrator) on ACER-PC on 25-05-2015 23:52:01
Running from C:\Users\Acer\Desktop
Loaded Profiles: Acer (Available Profiles: Acer & Hearthstone)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\Acer\AppData\Local\Google\Update\Install\{4C443A86-E401-4583-95D1-0BFD37B9423E}\43.0.2357.81_43.0.2357.65_chrome_updater.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Temp\CR_4E9A1.tmp\setup.exe
(Mozilla Foundation) C:\Users\Acer\AppData\Local\{316CFC2C-50E5-5F36-0DB3-F7F1ED76C0F7}\syshost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1157640 2009-10-07] (Dritek System Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\...\Run: [syshost32] => C:\Users\Acer\AppData\Local\{316CFC2C-50E5-5F36-0DB3-F7F1ED76C0F7}\syshost.exe [101888 2015-05-25] (Mozilla Foundation)
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [432672 2009-10-23] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-05] (Microsoft Corporation)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-05-20] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-05-20] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-05-20] ()
InternetURL: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.fedpayopinion.com/16vfacm
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2015-04-13]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:8880;https=127.0.0.1:8880
ProxyServer: [S-1-5-21-703194281-1064979597-3007394612-1000] => http=127.0.0.1:8880;https=127.0.0.1:8880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-703194281-1064979597-3007394612-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE494DE494
SearchScopes: HKU\S-1-5-21-703194281-1064979597-3007394612-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-18] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-703194281-1064979597-3007394612-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-help - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\0870pk92.default-1414758238315
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-08-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-703194281-1064979597-3007394612-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-703194281-1064979597-3007394612-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Extension: ProxTube - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\0870pk92.default-1414758238315\Extensions\ich@maltegoetz.de.xpi [2014-11-20]
FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\0870pk92.default-1414758238315\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-20]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.6) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-24]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-07-28]
CHR Extension: (Skype Click to Call) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-17]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation) []
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation) []
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation) []
R3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) []
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) []
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) []
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) []
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) []
R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) []
R2 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) []
S3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) []
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation) []
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) []
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [143872 2014-07-07] (Microsoft Corporation) []
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) []
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation) []
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) []
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation) []
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) []
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) []
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation) []
S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) []
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-10-01] (Acer Incorporated)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) []
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation) []
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) []
S3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation) []
S3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation) []
R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2013-06-01] (Microsoft Corporation) []
R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) []
R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) []
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) []
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) []
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) []
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2014-11-22] (Microsoft Corporation) []
R2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) []
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation) []
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) []
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) []
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation) []
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) []
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) []
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation) []
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation) []
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) []
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) []
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation) []
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation) []
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) []
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) []
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) []
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation) []
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) []
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) []
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation) []
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) []
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) []
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation) []
S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) []
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) []
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) []
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) []
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) []
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) []
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-05-01] (Microsoft Corporation) []
R3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) []
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) []
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation) []
R3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) []
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) []
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation) []
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation) []
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation) []
R2 RpcSs; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) []
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) []
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) []
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation) []
R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) []
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) []
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) []
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation) []
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation) []
S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) []
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation) []
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) []
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation) []
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-11] (Microsoft Corporation) []
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) []
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) []
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation) []
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation) []
R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) []
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation) []
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) []
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) []
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) []
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation) []
S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) []
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) []
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) []
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation) []
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) []
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation) []
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) []
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation) []
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) []
S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) []
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) []
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation) []
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) []
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) []
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) []
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) []
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) []
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) []
S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) []
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation) []
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation) []
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation) []
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) []
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) []
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation) []
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) []
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) []
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation) []
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) []
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) []
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) []
S4 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) []
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation) []
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation) []
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) []
S2 c2cautoupdatesvc; "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 WBC Engine Updater; C:\Program Files\WBC Engine\ExtensionUpdaterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) []
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) []
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) []
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation) []
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation) []
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation) []
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation) []
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1227776 2009-11-06] (Atheros Communications, Inc.) []
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation) []
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation) []
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation) []
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation) []
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] (Microsoft Corporation) []
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.) []
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.) []
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.) []
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.) []
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.) []
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.) []
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation) []
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation) []
S3 cdrom; C:\Windows\system32\drivers\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) []
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation) []
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation) []
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) []
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) []
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation) []
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation) []
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation) []
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] (Microsoft Corporation) []
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [103296 2009-11-23] (ENE Technology Inc.) []
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation) []
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation) []
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation) []
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation) []
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation) []
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.) []
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) []
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) []
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation) []
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation) []
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation) []
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) []
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation) []
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation) []
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Intel Corporation) []
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation) []
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation) []
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) []
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation) []
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) []
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) []
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [54784 2009-09-04] (Atheros Communications, Inc.) []
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation) []
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation) []
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation) []
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation) []
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation) []
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation) []
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] (Microsoft Corporation) []
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] (Microsoft Corporation) []
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] (Microsoft Corporation) []
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] (Microsoft Corporation) []
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation) []
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation) []
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation) []
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation) []
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation) []
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation) []
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) []
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation) []
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation) []
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) []
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) []
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) []
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation) []
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) []
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation) []
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation) []
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation) []
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation) []
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation) []
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation) []
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation) []
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation) []
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation) []
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation) []
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) []
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation) []
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation) []
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation) []
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation) []
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation) []
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) []
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation) []
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) []
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation) []
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation) []
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) []
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation) []
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) []
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) []
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation) []
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation) []
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation) []
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation) []
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation) []
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) []
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation) []
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation) []
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] (Microsoft Corporation) []
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] (Microsoft Corporation) []
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] (Microsoft Corporation) []
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] (Microsoft Corporation) []
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) []
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] (Microsoft Corporation) []
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) []
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) []
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] (Microsoft Corporation) []
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) []
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) []
R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] (Microsoft Corporation) []
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation) []
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) []
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) []
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) []
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) []
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) []
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) []
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation) []
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [36352 2013-07-03] (Microsoft Corporation) []
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] (Microsoft Corporation) []
R3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-27] (Microsoft Corporation) []
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation) []
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation) []
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation) []
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation) []
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation) []
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation) []
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation) []
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) []
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) []
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation) []
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) []
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation) []
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation) []
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] (Microsoft Corporation) []
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) []

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 12:06 - 2015-05-25 17:00 - 00004858 _____ () C:\Users\Acer\Desktop\HELP_DECRYPT.TXT
2015-05-27 12:06 - 2015-05-25 17:00 - 00000296 _____ () C:\Users\Acer\Desktop\HELP_DECRYPT.URL
2015-05-26 18:40 - 2015-05-26 18:42 - 00001033 _____ () C:\Users\Acer\Desktop\HearthRanger.lnk
2015-05-26 18:27 - 2015-05-26 18:27 - 00000000 ____D () C:\Windows\pss
2015-05-25 23:44 - 2015-05-25 23:44 - 00000000 ____D () C:\Users\Acer\Desktop\FRST-OlderVersion
2015-05-25 23:37 - 2015-05-25 23:37 - 00000000 ____D () C:\Users\Acer\AppData\Local\{316CFC2C-50E5-5F36-0DB3-F7F1ED76C0F7}
2015-05-25 22:52 - 2015-05-25 22:54 - 00011328 _____ () C:\Users\Hearthstone\AppData\Local\MyWinLockerInstaller.txt-20150525.log
2015-05-25 22:02 - 2015-05-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-05-25 22:01 - 2015-04-30 10:07 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-25 21:53 - 2015-05-25 21:53 - 00000000 ____D () C:\Users\Hearthstone\AppData\Local\Blizzard
2015-05-25 21:50 - 2015-05-25 21:50 - 00000000 ____D () C:\Users\Hearthstone\AppData\Local\Blizzard Entertainment
2015-05-25 21:49 - 2015-05-25 22:57 - 00000000 ____D () C:\Users\Hearthstone\AppData\Local\Battle.net
2015-05-25 21:49 - 2015-05-25 21:50 - 00000000 ____D () C:\Users\Hearthstone\AppData\Roaming\Battle.net
2015-05-25 21:46 - 2015-05-25 21:46 - 00000755 _____ () C:\Users\Hearthstone\Desktop\HearthRanger.lnk
2015-05-25 21:45 - 2015-05-25 21:45 - 00079592 _____ () C:\Users\Hearthstone\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-25 21:45 - 2015-05-25 21:45 - 00000000 ____D () C:\Users\Hearthstone\AppData\Roaming\Macromedia
2015-05-25 21:45 - 2015-05-25 21:45 - 00000000 ____D () C:\Users\Hearthstone\AppData\Roaming\Apple Computer
2015-05-25 21:45 - 2015-05-25 21:45 - 00000000 ____D () C:\Users\Hearthstone\AppData\Local\EgisTec
2015-05-25 21:44 - 2015-05-25 21:44 - 00001425 _____ () C:\Users\Hearthstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-25 21:44 - 2015-05-25 21:44 - 00000020 ___SH () C:\Users\Hearthstone\ntuser.ini
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 _SHDL () C:\Users\Hearthstone\Startmenü
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 _SHDL () C:\Users\Hearthstone\Netzwerkumgebung
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 _SHDL () C:\Users\Hearthstone\Druckumgebung
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 _SHDL () C:\Users\Hearthstone\Documents\Eigene Musik
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 _SHDL () C:\Users\Hearthstone\Documents\Eigene Bilder
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 _SHDL () C:\Users\Hearthstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 _SHDL () C:\Users\Hearthstone\AppData\Local\Verlauf
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 ____D () C:\Users\Hearthstone\AppData\Roaming\Adobe
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 ____D () C:\Users\Hearthstone\AppData\Local\VirtualStore
2015-05-25 21:44 - 2015-05-25 21:44 - 00000000 ____D () C:\Users\Hearthstone
2015-05-25 21:44 - 2012-07-28 22:15 - 00000000 ____D () C:\Users\Hearthstone\AppData\Local\Microsoft Help
2015-05-25 21:44 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Hearthstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-25 21:44 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Hearthstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-25 19:47 - 2015-05-25 19:47 - 00000000 ___HD () C:\ProgramData\{BB7AEE31-188C-4FEF-8E41-9CA864CF57B1}
2015-05-25 16:48 - 2015-05-25 16:48 - 00001508 _____ () C:\Users\Acer\Desktop\gmer.log
2015-05-25 16:04 - 2015-05-25 16:07 - 00040832 _____ () C:\Users\Acer\Desktop\Addition.txt
2015-05-25 16:00 - 2015-05-25 23:52 - 00043405 _____ () C:\Users\Acer\Desktop\FRST.txt
2015-05-25 15:58 - 2015-05-25 23:52 - 00000000 ____D () C:\FRST
2015-05-25 15:56 - 2015-05-25 15:57 - 00000470 _____ () C:\Users\Acer\Desktop\defogger_disable.log
2015-05-25 15:55 - 2015-05-25 15:55 - 00380416 _____ () C:\Users\Acer\Desktop\1vtdyi1s.exe
2015-05-25 15:54 - 2015-05-25 23:44 - 01147392 _____ (Farbar) C:\Users\Acer\Desktop\FRST.exe
2015-05-25 15:54 - 2015-05-25 15:54 - 00050477 _____ () C:\Users\Acer\Desktop\Defogger.exe
2015-05-25 00:02 - 2015-05-25 19:30 - 00000000 ____D () C:\HearthRanger
2015-05-24 11:56 - 2015-05-24 11:56 - 00000000 __SHD () C:\found.003
2015-05-20 23:44 - 2015-05-25 17:00 - 00009064 _____ () C:\Users\Acer\Desktop\HELP_DECRYPT.HTML
2015-05-20 23:44 - 2015-05-20 23:44 - 00009064 _____ () C:\Users\Acer\HELP_DECRYPT.HTML
2015-05-20 23:44 - 2015-05-20 23:44 - 00004858 _____ () C:\Users\Acer\HELP_DECRYPT.TXT
2015-05-20 23:44 - 2015-05-20 23:44 - 00000296 _____ () C:\Users\Acer\HELP_DECRYPT.URL
2015-05-20 23:08 - 2015-05-20 23:08 - 00009064 _____ () C:\Users\Acer\Documents\HELP_DECRYPT.HTML
2015-05-20 23:08 - 2015-05-20 23:08 - 00004858 _____ () C:\Users\Acer\Documents\HELP_DECRYPT.TXT
2015-05-20 23:08 - 2015-05-20 23:08 - 00000296 _____ () C:\Users\Acer\Documents\HELP_DECRYPT.URL
2015-05-20 22:59 - 2015-05-20 22:59 - 00009064 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.HTML
2015-05-20 22:59 - 2015-05-20 22:59 - 00009064 _____ () C:\Users\Acer\AppData\HELP_DECRYPT.HTML
2015-05-20 22:59 - 2015-05-20 22:59 - 00004858 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-20 22:59 - 2015-05-20 22:59 - 00004858 _____ () C:\Users\Acer\AppData\HELP_DECRYPT.TXT
2015-05-20 22:59 - 2015-05-20 22:59 - 00000296 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.URL
2015-05-20 22:59 - 2015-05-20 22:59 - 00000296 _____ () C:\Users\Acer\AppData\HELP_DECRYPT.URL
2015-05-20 22:58 - 2015-05-20 22:58 - 00009064 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.HTML
2015-05-20 22:58 - 2015-05-20 22:58 - 00004858 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.TXT
2015-05-20 22:58 - 2015-05-20 22:58 - 00000296 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.URL
2015-05-20 22:53 - 2015-05-20 22:53 - 00009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-05-20 22:53 - 2015-05-20 22:53 - 00004858 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-20 22:53 - 2015-05-20 22:53 - 00000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-20 15:48 - 2015-05-20 15:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-20 01:57 - 2015-05-20 22:54 - 00000000 ____D () C:\Users\Acer\AppData\Local\Blizzard
2015-05-20 01:07 - 2015-05-26 18:44 - 00001206 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-05-20 01:07 - 2015-05-21 05:53 - 00000000 ____D () C:\Program Files\Hearthstone
2015-05-20 01:07 - 2015-05-20 01:08 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2015-05-20 01:07 - 2015-05-20 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-05-20 01:06 - 2015-05-20 22:54 - 00000000 ____D () C:\Users\Acer\AppData\Local\Blizzard Entertainment
2015-05-20 01:05 - 2015-05-25 19:30 - 00000000 ____D () C:\Users\Acer\AppData\Local\Battle.net
2015-05-20 01:05 - 2015-05-20 01:06 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Battle.net
2015-05-20 01:05 - 2015-05-20 01:05 - 00001080 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-05-20 01:04 - 2015-05-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-05-20 01:04 - 2015-05-20 01:05 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-05-20 01:04 - 2015-05-20 01:05 - 00000000 ____D () C:\Program Files\Battle.net
2015-05-19 23:48 - 2015-05-19 23:48 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2015-05-19 22:27 - 2015-05-20 22:53 - 00000000 ____D () C:\ProgramData\Battle.net
2015-05-08 11:29 - 2015-05-08 11:29 - 00262224 _____ () C:\Windows\Minidump\050815-23306-01.dmp
2015-04-28 21:32 - 2015-05-20 23:08 - 00000000 __RSD () C:\Users\Acer\Documents\My Stationery
2015-04-28 15:12 - 2015-05-20 23:08 - 00000000 ____D () C:\Users\Acer\Documents\LuPO_NRW_SV-1
2015-04-28 14:43 - 2015-04-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LuPO-NRW
2015-04-28 14:43 - 2015-04-28 14:43 - 00000000 ____D () C:\LuPO
2015-04-28 14:43 - 2004-05-04 11:53 - 01645320 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 21:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-05-27 21:45 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-27 11:58 - 2013-01-29 14:18 - 00000000 ____D () C:\Program Files\Pando Networks
2015-05-27 11:58 - 2010-01-06 00:41 - 01009476 _____ () C:\Windows\PFRO.log
2015-05-26 18:15 - 2010-01-05 23:58 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-26 18:08 - 2012-07-27 23:20 - 00000000 ___RD () C:\Program Files\Skype
2015-05-26 18:07 - 2012-07-27 23:19 - 00000000 ____D () C:\ProgramData\Skype
2015-05-26 16:58 - 2012-07-27 23:21 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2015-05-25 23:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2015-05-25 23:49 - 2014-04-30 01:49 - 00000288 _____ () C:\Windows\Tasks\MySearchDial.job
2015-05-25 23:46 - 2014-04-30 01:46 - 00000288 _____ () C:\Windows\Tasks\Price Meter Updater.job
2015-05-25 23:45 - 2012-07-27 22:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 23:21 - 2014-05-06 21:16 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703194281-1064979597-3007394612-1000UA.job
2015-05-25 23:19 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 23:19 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 23:12 - 2013-11-27 11:47 - 00016384 _____ () C:\Windows\system32\Ikeext.etl
2015-05-25 23:12 - 2013-03-10 13:50 - 00000306 _____ () C:\Windows\Tasks\txppnourb.job
2015-05-25 23:12 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 23:12 - 2009-07-14 06:39 - 00124313 _____ () C:\Windows\setupact.log
2015-05-25 22:00 - 2010-01-06 00:17 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-25 21:53 - 2012-07-06 13:31 - 01105012 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 21:10 - 2013-10-30 23:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 17:00 - 2012-07-06 13:36 - 00000000 ____D () C:\Users\Acer
2015-05-25 11:21 - 2012-07-27 22:28 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703194281-1064979597-3007394612-1000Core.job
2015-05-25 11:18 - 2010-01-05 23:42 - 01647632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 01:34 - 2012-07-27 22:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 23:32 - 2013-10-30 23:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-20 23:08 - 2015-03-01 02:28 - 00000000 ____D () C:\Users\Acer\Documents\01787709_V_Gavrilin_-_Tarantella
2015-05-20 23:08 - 2014-04-30 01:54 - 00000000 ____D () C:\Users\Acer\Documents\Optimizer Pro
2015-05-20 23:08 - 2012-12-12 18:39 - 00000000 ____D () C:\Users\Acer\Documents\My Games
2015-05-20 22:59 - 2013-10-30 23:18 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Mozilla
2015-05-20 22:58 - 2012-07-31 22:34 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Apple Computer
2015-05-20 22:58 - 2012-07-06 14:22 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Adobe
2015-05-20 22:57 - 2015-04-19 23:05 - 00000000 ____D () C:\Users\Acer\AppData\Local\Skype
2015-05-20 22:57 - 2013-10-30 23:18 - 00000000 ____D () C:\Users\Acer\AppData\Local\Mozilla
2015-05-20 22:56 - 2012-12-11 18:26 - 00000000 ____D () C:\Users\Acer\AppData\Local\Microsoft Games
2015-05-20 22:56 - 2012-07-27 22:18 - 00000000 ____D () C:\Users\Acer\AppData\Local\Google
2015-05-20 22:54 - 2012-09-29 15:05 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe
2015-05-20 22:54 - 2012-08-26 17:24 - 00000000 ____D () C:\Users\Acer\.gimp-2.8
2015-05-20 22:54 - 2012-07-31 22:34 - 00000000 ____D () C:\Users\Acer\AppData\Local\Apple Computer
2015-05-20 22:52 - 2012-07-27 22:53 - 00000000 ___HD () C:\$AVG
2015-05-20 00:05 - 2010-01-06 00:31 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-18 14:23 - 2010-01-06 00:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 14:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-17 13:57 - 2010-01-06 00:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 13:38 - 2012-07-29 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-08 11:29 - 2012-12-07 09:02 - 132301115 _____ () C:\Windows\MEMORY.DMP
2015-05-08 11:29 - 2012-12-07 09:02 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2012-07-28 00:22 - 2012-07-28 00:22 - 3993600 _____ () C:\Program Files\GUTCCA4.tmp
2010-01-06 00:09 - 2009-02-10 22:23 - 0192484 _____ () C:\Program Files\Common Files\Acer GameZone online.ico
2014-04-30 01:10 - 2014-04-30 01:11 - 0000318 _____ () C:\Users\Acer\AppData\Roaming\aps.uninstall.scan.results
2015-05-20 22:59 - 2015-05-20 22:59 - 0009064 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.HTML
2015-05-20 22:59 - 2015-05-20 22:59 - 0050242 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.PNG
2015-05-20 22:59 - 2015-05-20 22:59 - 0004858 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-20 22:59 - 2015-05-20 22:59 - 0000296 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.URL
2014-05-01 17:46 - 2014-05-01 17:46 - 0000045 _____ () C:\Users\Acer\AppData\Roaming\WB.CFG
2014-04-30 01:24 - 2014-04-29 14:58 - 1727816 _____ (AnyProtect.com) C:\Users\Acer\AppData\Local\AnyProtectScannerSetup.exe
2015-05-20 22:58 - 2015-05-20 22:58 - 0009064 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.HTML
2015-05-20 22:58 - 2015-05-20 22:58 - 0050242 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.PNG
2015-05-20 22:58 - 2015-05-20 22:58 - 0004858 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.TXT
2015-05-20 22:58 - 2015-05-20 22:58 - 0000296 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.URL
2014-04-30 01:05 - 2014-04-30 01:05 - 1745360 _____ (AnyProtect.com) C:\Users\Acer\AppData\Local\nsf9A20.tmp
2015-04-19 21:37 - 2015-04-19 21:37 - 0007605 _____ () C:\Users\Acer\AppData\Local\Resmon.ResmonCfg
2009-01-01 01:01 - 2009-01-01 01:01 - 0000000 _____ () C:\Users\Acer\AppData\Local\{35D7BE46-8A52-49E4-A9D5-0F7C9BB32759}
2009-01-01 01:02 - 2009-01-01 01:03 - 0000000 _____ () C:\Users\Acer\AppData\Local\{3C8CB1DF-6EE5-49F2-98D9-0878BC67DC82}
2009-01-01 01:01 - 2009-01-01 01:02 - 0000000 _____ () C:\Users\Acer\AppData\Local\{8BF8BB2A-02F0-4F25-BA00-5C6C675DCF04}
2010-01-06 00:10 - 2009-07-18 04:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2015-05-20 22:53 - 2015-05-20 22:53 - 0009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-05-20 22:53 - 2015-05-20 22:53 - 0050242 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-05-20 22:53 - 2015-05-20 22:53 - 0004858 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-20 22:53 - 2015-05-20 22:53 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 14:07

==================== End of log ============================
         
__________________

26.05.2015, 06:49   #4
Machiavelli

This will only delete the "real" malware for now; we will take care of adware later.

Step 1: FRST Fix

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
HKU\S-1-5-21-703194281-1064979597-3007394612-1000\...\Run: [syshost32] => C:\Users\Acer\AppData\Local\{316CFC2C-50E5-5F36-0DB3-F7F1ED76C0F7}\syshost.exe [101888 2015-05-25] (Mozilla Foundation)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-05-20] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-05-20] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-05-20] ()
InternetURL: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.fedpayopinion.com/16vfacm
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
RemoveProxy:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-703194281-1064979597-3007394612-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398812401&from=tugs&uid=WDCXWD2500BEVT-22A23T0_WD-WX81A102996129961&q={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
FF NetworkProxy: "type", 0
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
2015-05-27 12:06 - 2015-05-25 17:00 - 00004858 _____ () C:\Users\Acer\Desktop\HELP_DECRYPT.TXT
2015-05-27 12:06 - 2015-05-25 17:00 - 00000296 _____ () C:\Users\Acer\Desktop\HELP_DECRYPT.URL
2015-05-25 22:52 - 2015-05-25 22:54 - 00011328 _____ () C:\Users\Hearthstone\AppData\Local\MyWinLockerInstaller.txt-20150525.log
2015-05-20 23:44 - 2015-05-25 17:00 - 00009064 _____ () C:\Users\Acer\Desktop\HELP_DECRYPT.HTML
2015-05-20 23:44 - 2015-05-20 23:44 - 00009064 _____ () C:\Users\Acer\HELP_DECRYPT.HTML
2015-05-20 23:44 - 2015-05-20 23:44 - 00004858 _____ () C:\Users\Acer\HELP_DECRYPT.TXT
2015-05-20 23:44 - 2015-05-20 23:44 - 00000296 _____ () C:\Users\Acer\HELP_DECRYPT.URL
2015-05-20 23:08 - 2015-05-20 23:08 - 00009064 _____ () C:\Users\Acer\Documents\HELP_DECRYPT.HTML
2015-05-20 23:08 - 2015-05-20 23:08 - 00004858 _____ () C:\Users\Acer\Documents\HELP_DECRYPT.TXT
2015-05-20 23:08 - 2015-05-20 23:08 - 00000296 _____ () C:\Users\Acer\Documents\HELP_DECRYPT.URL
2015-05-20 22:59 - 2015-05-20 22:59 - 00009064 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.HTML
2015-05-20 22:59 - 2015-05-20 22:59 - 00009064 _____ () C:\Users\Acer\AppData\HELP_DECRYPT.HTML
2015-05-20 22:59 - 2015-05-20 22:59 - 00004858 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-20 22:59 - 2015-05-20 22:59 - 00004858 _____ () C:\Users\Acer\AppData\HELP_DECRYPT.TXT
2015-05-20 22:59 - 2015-05-20 22:59 - 00000296 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.URL
2015-05-20 22:59 - 2015-05-20 22:59 - 00000296 _____ () C:\Users\Acer\AppData\HELP_DECRYPT.URL
2015-05-20 22:58 - 2015-05-20 22:58 - 00009064 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.HTML
2015-05-20 22:58 - 2015-05-20 22:58 - 00004858 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.TXT
2015-05-20 22:58 - 2015-05-20 22:58 - 00000296 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.URL
2015-05-20 22:53 - 2015-05-20 22:53 - 00009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-05-20 22:53 - 2015-05-20 22:53 - 00004858 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-20 22:53 - 2015-05-20 22:53 - 00000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-20 22:59 - 2015-05-20 22:59 - 0009064 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.HTML
2015-05-20 22:59 - 2015-05-20 22:59 - 0050242 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.PNG
2015-05-20 22:59 - 2015-05-20 22:59 - 0004858 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-20 22:59 - 2015-05-20 22:59 - 0000296 _____ () C:\Users\Acer\AppData\Roaming\HELP_DECRYPT.URL
2015-05-20 22:58 - 2015-05-20 22:58 - 0009064 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.HTML
2015-05-20 22:58 - 2015-05-20 22:58 - 0050242 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.PNG
2015-05-20 22:58 - 2015-05-20 22:58 - 0004858 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.TXT
2015-05-20 22:58 - 2015-05-20 22:58 - 0000296 _____ () C:\Users\Acer\AppData\Local\HELP_DECRYPT.URL
2015-05-20 22:53 - 2015-05-20 22:53 - 0009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-05-20 22:53 - 2015-05-20 22:53 - 0050242 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-05-20 22:53 - 2015-05-20 22:53 - 0004858 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-20 22:53 - 2015-05-20 22:53 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2: ComboFix

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Proud member of Unite

27.05.2015, 16:52   #5
Avdalim

I now have the following problem: the user account that had all the FRST files and the programs themselves on it has suddenly become very slow (even after 30 minutes Firefox won't open). The interesting thing is that on the other account on this PC everything is fine (both user accounts are admins). Now I don't know whether I could also carry out these steps on the other account. I could also delete the first account completely, it's not as if there are still files on it, and use the second one as the only account.


27.05.2015, 17:28   #6
Machiavelli

Carry out the steps on this user account. If that does not work, try using Safe Mode.