Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.05.2015, 09:11   #1
SheWolf729
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Hallöchen, ^-^
folgendes.. ich habe mir vor ein paar Tagen eine Datei heruntergeladen, undzwar Sony Vegas 12 und war dabei das Teil zu installieren. Blöderweise habe ich wohl nicht alles gelesen. Somit habe ich mir dann viel Werbung duch Malwares add ons.. ich bin mir nicht sicher was es ist/war eingefangen. Die Anzeigen stammten von 'crazy score' ich versuche das Problem zu beheben und schaute mir ein Video ( hxxp://praxistipps.chip.de/crazy-score-entfernen-so-werden-sie-die-adware-los_40982 ) an, das mir helfen sollte crazy score wegzubekommen. Ich befolge alle Schritte jedoch wurde im Video von einem empfohlenen Programm geredet das mir helfen sollte das Ding wegzubekommen. Ich fiel auf Werbung rein und installierte mir statt Adwcleaner ein Programm Namens Spyhunter. Das hab ich mir dann nach einem Scan wieder deinstallierte, weil ich bemerkt hab das dass Teil vielleicht auch eine Malware oder ähnliches sein könnte, ich bekam das alles nicht wieder runter, also die Werbung.. also setzte ich meinen meinen Laptop auf Werkeinstellungen zurück. Jedoch wird mir trotz allem Werbung angezeigt und mein Laptop läuft langsamer. Das erschreckt mich ein wenig und deswegen würde ich um hilfe bitten. Ich habe mein Viren Programm durchlaufen lassen jedoch fand er nichts, deshalb habe ich die Log Files ausgelassen.

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:53 on 25/05/2015 (Michelle')

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-26 08:18:03
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000024 WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\MICHEL~1\AppData\Local\Temp\kxlcypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506         00007ffe1e9f169a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514         00007ffe1e9f16a2 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118            00007ffe1e9f181a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142            00007ffe1e9f1832 4 bytes [9F, 1E, FE, 7F]
.text   C:\Windows\system32\mfevtps.exe[1736] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506                                00007ffe1e9f169a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Windows\system32\mfevtps.exe[1736] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514                                00007ffe1e9f16a2 4 bytes [9F, 1E, FE, 7F]
.text   C:\Windows\system32\mfevtps.exe[1736] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118                                   00007ffe1e9f181a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Windows\system32\mfevtps.exe[1736] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142                                   00007ffe1e9f1832 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1852] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506       00007ffe1e9f169a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1852] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514       00007ffe1e9f16a2 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1852] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118          00007ffe1e9f181a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1852] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142          00007ffe1e9f1832 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[644] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffe0d1a1f6a 4 bytes [1A, 0D, FE, 7F]
.text   C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[644] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffe0d1a1f82 4 bytes [1A, 0D, FE, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4312] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506      00007ffe1e9f169a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4312] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514      00007ffe1e9f16a2 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4312] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118         00007ffe1e9f181a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4312] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142         00007ffe1e9f1832 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4752] C:\Windows\system32\USER32.dll!TrackPopupMenuEx                       00007ffe1d461ef0 5 bytes JMP 00007fff04ea8c20
.text   C:\Program Files\Internet Explorer\iexplore.exe[4752] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                00007ffe1e9f169a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4752] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                00007ffe1e9f16a2 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4752] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                   00007ffe1e9f181a 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4752] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                   00007ffe1e9f1832 4 bytes [9F, 1E, FE, 7F]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5004] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194                   00007ffe0d1a1f6a 4 bytes [1A, 0D, FE, 7F]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5004] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218                   00007ffe0d1a1f82 4 bytes [1A, 0D, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [708:748]                                                                                     fffff960009bd4d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- --- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015 Ran by Michelle' (administrator) on MICHELLE on 26-05-2015 09:00:44 Running from C:\Users\Michelle'\Downloads Loaded Profiles: Michelle' (Available Profiles: Michelle') Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1301906094-2708059981-772469347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB HKU\S-1-5-21-1301906094-2708059981-772469347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1301906094-2708059981-772469347-1001 -> {BBD081BD-B80A-44B3-9036-F248AC630BC4} URL = Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] () FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-11-27] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-27] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-26] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 0188671432621485mcinstcleanup; C:\Windows\TEMP\018867~1.EXE [836168 2014-03-13] (McAfee, Inc.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-26] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate) R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-04-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-04-16] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-04-16] (Avira Operations GmbH & Co. KG) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) U3 mfeavfk01; No ImagePath S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U3 kxlcypow; \??\C:\Users\MICHEL~1\AppData\Local\Temp\kxlcypow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-26 09:00 - 2015-05-26 09:01 - 00015000 _____ () C:\Users\Michelle'\Downloads\FRST.txt 2015-05-26 08:59 - 2015-05-26 09:00 - 02108928 _____ (Farbar) C:\Users\Michelle'\Downloads\FRST64.exe 2015-05-26 08:27 - 2015-05-26 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-05-26 08:18 - 2015-05-26 08:18 - 00005093 _____ () C:\Users\Michelle'\Desktop\Gmer.txt 2015-05-26 07:53 - 2015-05-26 08:53 - 00010240 ___SH () C:\Users\Michelle'\Desktop\Thumbs.db 2015-05-26 06:11 - 2015-05-26 06:11 - 00000000 _____ () C:\Recovery.txt 2015-05-26 02:00 - 2015-05-26 02:00 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\Acer Aspire R7 Tutorial 2015-05-26 01:58 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2015-05-26 01:41 - 2015-05-26 01:42 - 00855224 _____ () C:\Windows\Minidump\052615-30078-01.dmp 2015-05-26 01:41 - 2015-05-26 01:41 - 434629463 _____ () C:\Windows\MEMORY.DMP 2015-05-26 01:41 - 2015-05-26 01:41 - 00000000 ____D () C:\Windows\Minidump 2015-05-26 01:28 - 2015-05-26 01:28 - 02223104 _____ () C:\Users\Michelle'\Downloads\adwcleaner_4.205.exe 2015-05-26 01:18 - 2015-05-26 01:18 - 00001155 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-05-26 01:18 - 2015-05-26 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-26 01:15 - 2015-05-26 01:18 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-26 01:05 - 2015-05-26 01:05 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Avira 2015-05-26 01:02 - 2015-05-26 01:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-05-26 01:02 - 2015-05-26 01:15 - 00000000 ____D () C:\ProgramData\Avira 2015-05-26 01:02 - 2015-04-16 15:23 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-26 01:02 - 2015-04-16 15:23 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-26 01:02 - 2015-04-16 15:23 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-05-26 01:02 - 2015-04-16 15:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-05-26 00:55 - 2015-05-26 00:57 - 207437104 _____ () C:\Users\Michelle'\Downloads\avira_antivirus_de-de_15.0.10.434.exe 2015-05-26 00:12 - 2015-05-26 00:12 - 00380416 _____ () C:\Users\Michelle'\Downloads\Gmer-19357 (1).exe 2015-05-26 00:12 - 2015-05-26 00:12 - 00380416 _____ () C:\Users\Michelle'\Desktop\Gmer-19357.exe 2015-05-25 23:56 - 2015-05-26 09:00 - 00000000 ____D () C:\FRST 2015-05-25 23:52 - 2015-05-25 23:53 - 00000480 _____ () C:\Users\Michelle'\Desktop\defogger_disable.log 2015-05-25 23:52 - 2015-05-25 23:52 - 00000000 _____ () C:\Users\Michelle'\defogger_reenable 2015-05-25 22:28 - 2015-05-26 01:34 - 00000000 ____D () C:\AdwCleaner 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Programme 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Startmenü 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Dokumente 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2015-05-25 21:03 - 2015-05-25 21:03 - 00000000 ____D () C:\ProgramData\Riot Games 2015-05-25 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2015-05-25 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2015-05-25 21:00 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2015-05-25 21:00 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2015-05-25 21:00 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2015-05-25 20:59 - 2015-05-25 20:59 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk 2015-05-25 20:59 - 2015-05-25 20:59 - 00000000 ____D () C:\Riot Games 2015-05-25 20:43 - 2015-05-25 21:00 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Riot Games 2015-05-25 20:41 - 2015-05-25 20:42 - 30668968 _____ (Riot Games) C:\Users\Michelle'\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe 2015-05-25 20:40 - 2015-05-25 20:40 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Macromedia 2015-05-25 20:31 - 2015-05-26 08:32 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1301906094-2708059981-772469347-1001 2015-05-25 20:29 - 2015-05-25 20:29 - 00000000 ____D () C:\Users\Public\Pokki 2015-05-25 20:28 - 2015-05-26 07:51 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\clear.fi 2015-05-25 20:28 - 2015-05-25 20:28 - 00000000 ____D () C:\Users\Michelle'\PicStream 2015-05-25 20:26 - 2015-05-25 20:26 - 00001770 _____ () C:\Users\Public\Desktop\Online kaufen.lnk 2015-05-25 20:26 - 2015-05-25 20:26 - 00001454 _____ () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-25 20:26 - 2015-05-25 20:26 - 00001276 _____ () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Realtek HD Audio-Manager.lnk 2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Atheros 2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Adobe 2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\VirtualStore 2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\ProgramData\OEM_YAHOO 2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Program Files\Accessory Store 2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Program Files (x86)\OEM 2015-05-25 20:25 - 2015-05-26 08:12 - 00000000 ____D () C:\Users\Michelle' 2015-05-25 20:25 - 2015-05-25 20:27 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\Packages 2015-05-25 20:25 - 2015-05-25 20:25 - 00000020 ___SH () C:\Users\Michelle'\ntuser.ini 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Vorlagen 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Startmenü 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Netzwerkumgebung 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Lokale Einstellungen 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Eigene Dateien 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Druckumgebung 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Documents\Eigene Musik 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Documents\Eigene Bilder 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\AppData\Local\Verlauf 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\AppData\Local\Anwendungsdaten 2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Anwendungsdaten 2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-10-21 15:36 - 2013-12-22 05:25 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat 2021-10-04 09:34 - 2013-12-22 05:25 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat 2015-05-26 09:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-05-26 08:28 - 2013-12-22 05:02 - 00265584 _____ () C:\Windows\WindowsUpdate.log 2015-05-26 08:27 - 2013-11-27 12:25 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk 2015-05-26 08:24 - 2013-11-27 12:22 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2015-05-26 08:17 - 2013-12-22 13:46 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2015-05-26 08:17 - 2013-12-22 13:46 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2015-05-26 08:17 - 2013-11-27 11:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-26 08:11 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-26 07:48 - 2013-11-27 11:49 - 00202058 _____ () C:\Windows\PFRO.log 2015-05-26 07:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-05-26 06:10 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template 2015-05-26 01:55 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2015-05-26 01:54 - 2013-11-27 12:22 - 00000000 ____D () C:\ProgramData\McAfee 2015-05-26 01:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-05-25 21:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2015-05-25 21:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-05-25 21:12 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default 2015-05-25 21:11 - 2013-08-22 16:44 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-25 20:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore 2015-05-25 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-05-25 20:27 - 2013-12-22 05:48 - 00003546 _____ () C:\Windows\System32\Tasks\Norton Online Backup ARA 2015-05-25 20:27 - 2013-12-22 05:48 - 00000000 ____D () C:\ProgramData\Norton 2015-05-25 20:26 - 2013-12-22 13:36 - 00003467 _____ () C:\Windows\patch.log 2015-05-25 20:26 - 2013-11-27 11:48 - 00000000 ____D () C:\Windows\Panther 2015-05-25 20:26 - 2013-11-27 11:40 - 00000000 ___HD () C:\OEM 2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager 2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera ==================== Files in the root of some directories ======= 2013-12-22 05:26 - 2013-12-22 05:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Michelle'\AppData\Local\Temp\avgnt.exe C:\Users\Michelle'\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-11-27 11:49 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015 Ran by Michelle' at 2015-05-26 09:01:53 Running from C:\Users\Michelle'\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1301906094-2708059981-772469347-500 - Administrator - Disabled) Gast (S-1-5-21-1301906094-2708059981-772469347-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1301906094-2708059981-772469347-1003 - Limited - Enabled) Michelle' (S-1-5-21-1301906094-2708059981-772469347-1001 - Administrator - Enabled) => C:\Users\Michelle' ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated) Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated) Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated) Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated) Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG) Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation) Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.) Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB) The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 25-05-2015 20:43:48 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0376A0F2-89B4-4F89-95FD-E235A6728D8E} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-26] (Acer Incorporated) Task: {0395EEBF-45D1-4925-A431-EA6354BB09F1} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate) Task: {06431306-E630-4261-89F1-3D8C86CE48FD} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated) Task: {30481248-3D6F-45FF-B19C-885019FFF52B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated) Task: {39F97378-9FE6-4A41-98E6-3F062E2ECBA8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {BB169B6C-F512-4342-A738-EA3897EE3FA8} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation) Task: {CE4E985C-2A0B-4D7F-8427-3143897146F1} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] () Task: {F3EA5A20-19D5-4B70-926B-767C8D3AD0AB} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate) ==================== Loaded Modules (Whitelisted) ============== 2013-09-07 02:48 - 2013-09-07 02:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-07 02:45 - 2013-09-07 02:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-07 02:52 - 2013-09-07 02:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1301906094-2708059981-772469347-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBEC0E58-C1EB-4196-83AA-1C7013633EEC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{F0F35B2B-F260-4202-A013-672749ECB444}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{A66AC066-D442-4DEF-AC54-FC00CA747300}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{37A99701-B951-450C-BE47-728E41053292}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{3EC85CED-DDFA-4ADB-BEFB-2F133DCEF924}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{E1E87576-84A3-4FCE-8498-A9E2B1ADB11C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{B849D2BF-DE86-48D7-BEE0-BA06413306F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{B777F780-DC76-4D69-98DE-E327EC303792}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{5D8692B8-7D00-491E-B472-DC8C76FE721E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{4271EC62-8E65-4153-BE8A-4EBA9E99EE56}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{6B1C96DA-81B8-4A03-9A72-7897F566162C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{0E8A9AD5-A3B9-4691-88DD-477359C190B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{21225AA5-FFF0-4A1D-906E-3FE40776947D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{B766FD03-2C3F-4829-A199-D6E9546548E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{B888B320-7B41-409D-BDFB-7896CFD8BDD8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{C8D5E049-A930-4E4A-AAF4-2139129E9568}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{B57B2FFD-B3A3-42D1-A198-8412DC226E7F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{C9CD9BAC-D29F-435C-8ABF-C803724208B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{48EEDD6B-2425-40F3-BFD6-66D5550C756D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{F9A27917-72F2-410C-92D4-5CCA80ED2840}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{1549E031-40ED-4F5A-9E22-2053A8F412AD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{0990E0FD-E1DA-4F55-99CE-EB2531743F02}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{3DCC0CBC-2A07-4C6E-8376-4D0301CB149D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{A87C6606-9CEC-4A5A-8678-C6F3964A9C0A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{5B826362-34AB-4EC2-8BF5-02F86D3EBB8A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{CF0EFCC1-42C6-4217-8094-816A18970703}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{61E91829-2C68-4C39-9F1B-6E68AEDA9D51}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{93FD0020-8580-476A-86CD-E366191789E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{04BF56A4-A292-4462-80C3-E3AAE19F5A14}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{84DDD0EB-333C-49ED-9BC0-00E0D98ECA28}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{A5D6E112-D4A1-48C2-B66F-7B210B348430}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{7C0EC650-849A-4797-9402-18696B72B896}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{85F235CB-09CC-44E6-A53D-DC63C5102CA1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{45A1CF4D-3D14-4091-96A1-96EEF81F8AAF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/26/2015 08:22:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:21:52 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:21:30 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:20:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:19:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:18:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:17:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 Error: (05/26/2015 08:16:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: Content is missing. Error Code:a7f42014 System errors: ============= Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Anti-Spam Service erreicht. Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Proxy Service erreicht. Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Personal Firewall Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Personal Firewall Service erreicht. Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Home Network" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/26/2015 08:24:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Home Network erreicht. Error: (05/26/2015 08:24:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/26/2015 08:24:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Anti-Spam Service erreicht. Microsoft Office: ========================= Error: (05/26/2015 08:22:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:21:52 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:21:30 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:20:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:19:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:18:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:17:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 Error: (05/26/2015 08:16:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT) Description: a7f42014 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz Percentage of memory in use: 51% Total physical RAM: 3979.34 MB Available physical RAM: 1929.46 MB Total Pagefile: 8075.34 MB Available Pagefile: 5572.41 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:448.69 GB) (Free:415.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: D797163E) Partition: GPT Partition Type. ==================== End of log ============================

Alt 26.05.2015, 09:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 26.05.2015, 09:30   #3
SheWolf729
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Nein habe ich nicht :/ zudem gibt es ja keine Logs der letzten 7 tage da ich den Laptop ja auf Werkeinstellungen zurückgesetzt hab.. mit FRST habe ich bereits einen Scan gemacht ich bin wohl zu doof um zu verstehen was gemeint ist, weil ich eigentlich alles schon gepostet hab :/
__________________

Alt 26.05.2015, 09:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Ich seh jetzt erst, dass du deine Logs in CODE-Tags verschachtelt hast...

Zitat:
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
Das geht so garnicht, eins muss davon auf jeden Fall runter.
Da wir weder Avira noch McAfee empfehlen solltest du meiner Meinung nach beide deinstallieren. Wenn wir hier fertig sind, kannst du einen Scanner, den wir empfehlen, wieder aufspielen. Mehr dazu aber zum Schluss.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.05.2015, 10:03   #5
SheWolf729
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Ich habe jetzt beide deinstalliert


Alt 26.05.2015, 10:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
--> Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)

Alt 26.05.2015, 11:03   #7
SheWolf729
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.0 (05.25.2015:1)
OS: Windows 8.1 x64
Ran by Michelle' on 26.05.2015 at 10:47:36,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1301906094-2708059981-772469347-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1301906094-2708059981-772469347-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3124938557-2334116980-2269491839-500



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2015 at 10:50:35,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Michelle' at 2015-05-26 11:00:55
Running from C:\Users\Michelle'\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1301906094-2708059981-772469347-500 - Administrator - Disabled)
Gast (S-1-5-21-1301906094-2708059981-772469347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1301906094-2708059981-772469347-1003 - Limited - Enabled)
Michelle' (S-1-5-21-1301906094-2708059981-772469347-1001 - Administrator - Enabled) => C:\Users\Michelle'

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-05-2015 20:43:48 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0376A0F2-89B4-4F89-95FD-E235A6728D8E} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-26] (Acer Incorporated)
Task: {0395EEBF-45D1-4925-A431-EA6354BB09F1} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {06431306-E630-4261-89F1-3D8C86CE48FD} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {30481248-3D6F-45FF-B19C-885019FFF52B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {39F97378-9FE6-4A41-98E6-3F062E2ECBA8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6F629D16-F710-44CD-8F5E-D36F361DAB2A} - \Optimize Start Menu Cache Files-S-1-5-21-1301906094-2708059981-772469347-1001 No Task File <==== ATTENTION
Task: {75447B04-CF95-4564-A2D7-F413A706D9AA} - \Optimize Start Menu Cache Files-S-1-5-21-1301906094-2708059981-772469347-500 No Task File <==== ATTENTION
Task: {BB169B6C-F512-4342-A738-EA3897EE3FA8} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {CE4E985C-2A0B-4D7F-8427-3143897146F1} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()
Task: {F3EA5A20-19D5-4B70-926B-767C8D3AD0AB} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1301906094-2708059981-772469347-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FBEC0E58-C1EB-4196-83AA-1C7013633EEC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F0F35B2B-F260-4202-A013-672749ECB444}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A66AC066-D442-4DEF-AC54-FC00CA747300}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37A99701-B951-450C-BE47-728E41053292}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3EC85CED-DDFA-4ADB-BEFB-2F133DCEF924}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E1E87576-84A3-4FCE-8498-A9E2B1ADB11C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{B849D2BF-DE86-48D7-BEE0-BA06413306F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B777F780-DC76-4D69-98DE-E327EC303792}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5D8692B8-7D00-491E-B472-DC8C76FE721E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{4271EC62-8E65-4153-BE8A-4EBA9E99EE56}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6B1C96DA-81B8-4A03-9A72-7897F566162C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0E8A9AD5-A3B9-4691-88DD-477359C190B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{21225AA5-FFF0-4A1D-906E-3FE40776947D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B766FD03-2C3F-4829-A199-D6E9546548E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B888B320-7B41-409D-BDFB-7896CFD8BDD8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{C8D5E049-A930-4E4A-AAF4-2139129E9568}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{B57B2FFD-B3A3-42D1-A198-8412DC226E7F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C9CD9BAC-D29F-435C-8ABF-C803724208B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{48EEDD6B-2425-40F3-BFD6-66D5550C756D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{F9A27917-72F2-410C-92D4-5CCA80ED2840}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{1549E031-40ED-4F5A-9E22-2053A8F412AD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0990E0FD-E1DA-4F55-99CE-EB2531743F02}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{3DCC0CBC-2A07-4C6E-8376-4D0301CB149D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A87C6606-9CEC-4A5A-8678-C6F3964A9C0A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{5B826362-34AB-4EC2-8BF5-02F86D3EBB8A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{CF0EFCC1-42C6-4217-8094-816A18970703}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{61E91829-2C68-4C39-9F1B-6E68AEDA9D51}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{93FD0020-8580-476A-86CD-E366191789E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{04BF56A4-A292-4462-80C3-E3AAE19F5A14}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{84DDD0EB-333C-49ED-9BC0-00E0D98ECA28}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{A5D6E112-D4A1-48C2-B66F-7B210B348430}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{7C0EC650-849A-4797-9402-18696B72B896}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{85F235CB-09CC-44E6-A53D-DC63C5102CA1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{45A1CF4D-3D14-4091-96A1-96EEF81F8AAF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 10:40:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/26/2015 09:17:55 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung


Details:
	Nicht genügend Quoten, um den angeforderten Dienst auszuführen.  (HRESULT : 0x800705ad) (0x800705ad)

Error: (05/26/2015 09:06:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/26/2015 08:22:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:52 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:30 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:20:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:19:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014


System errors:
=============
Error: (05/26/2015 10:48:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/26/2015 10:48:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2015 10:48:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2015 10:48:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access RadioMgr Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2015 10:48:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2015 10:48:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Firewall Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/26/2015 10:48:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee Validation Trust Protection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2015 10:48:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee SiteAdvisor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2015 10:48:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/26/2015 10:48:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Elan Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (05/26/2015 10:40:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/26/2015 09:17:55 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Kontext: Windows Anwendung


Details:
	Nicht genügend Quoten, um den angeforderten Dienst auszuführen.  (HRESULT : 0x800705ad) (0x800705ad)
C:\

Error: (05/26/2015 09:06:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/26/2015 08:22:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:52 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:30 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:21:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:20:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014

Error: (05/26/2015 08:19:27 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT-AUTORITÄT)
Description: a7f42014


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 28%
Total physical RAM: 3979.34 MB
Available physical RAM: 2854.25 MB
Total Pagefile: 8075.34 MB
Available Pagefile: 6462.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.69 GB) (Free:417.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D797163E)

Partition: GPT Partition Type.

==================== End of log ============================
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Michelle' (administrator) on MICHELLE on 26-05-2015 11:00:03
Running from C:\Users\Michelle'\Downloads
Loaded Profiles: Michelle' (Available Profiles: Michelle')
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1301906094-2708059981-772469347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1301906094-2708059981-772469347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1301906094-2708059981-772469347-1001 -> {BBD081BD-B80A-44B3-9036-F248AC630BC4} URL = 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) []
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-26] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) []
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
S3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 10:59 - 2015-05-26 10:59 - 00023734 _____ () C:\Users\Michelle'\Downloads\FRST1.txt
2015-05-26 10:50 - 2015-05-26 10:50 - 00000996 _____ () C:\Users\Michelle'\Desktop\JRT.txt
2015-05-26 10:47 - 2015-05-26 10:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MICHELLE-Windows-8.1-(64-bit).dat
2015-05-26 10:47 - 2015-05-26 10:47 - 00000000 ____D () C:\RegBackup
2015-05-26 10:46 - 2015-05-26 10:46 - 02946703 _____ (Thisisu) C:\Users\Michelle'\Downloads\JRT.exe
2015-05-26 10:42 - 2015-05-26 10:42 - 02222592 _____ () C:\Users\Michelle'\Downloads\AdwCleaner_4.205 (1).exe
2015-05-26 10:21 - 2015-05-26 10:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 10:13 - 2015-05-26 10:18 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-26 10:13 - 2015-05-26 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-26 10:12 - 2015-05-26 10:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-26 10:12 - 2015-05-26 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-26 10:12 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-26 10:12 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-26 10:12 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-26 10:11 - 2015-05-26 10:11 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michelle'\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-26 09:16 - 2015-05-26 09:16 - 00022585 _____ () C:\Users\Michelle'\Desktop\Addition.txt
2015-05-26 09:15 - 2015-05-26 09:15 - 00029413 _____ () C:\Users\Michelle'\Desktop\FRST.txt
2015-05-26 09:01 - 2015-05-26 09:16 - 00022585 _____ () C:\Users\Michelle'\Downloads\Addition.txt
2015-05-26 09:00 - 2015-05-26 11:00 - 00008828 _____ () C:\Users\Michelle'\Downloads\FRST.txt
2015-05-26 08:59 - 2015-05-26 09:00 - 02108928 _____ (Farbar) C:\Users\Michelle'\Downloads\FRST64.exe
2015-05-26 08:18 - 2015-05-26 08:18 - 00005093 _____ () C:\Users\Michelle'\Desktop\Gmer.txt
2015-05-26 07:53 - 2015-05-26 09:27 - 00010240 ___SH () C:\Users\Michelle'\Desktop\Thumbs.db
2015-05-26 06:11 - 2015-05-26 06:11 - 00000000 _____ () C:\Recovery.txt
2015-05-26 02:00 - 2015-05-26 02:00 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\Acer Aspire R7 Tutorial
2015-05-26 01:41 - 2015-05-26 01:42 - 00855224 _____ () C:\Windows\Minidump\052615-30078-01.dmp
2015-05-26 01:41 - 2015-05-26 01:41 - 434629463 _____ () C:\Windows\MEMORY.DMP
2015-05-26 01:41 - 2015-05-26 01:41 - 00000000 ____D () C:\Windows\Minidump
2015-05-26 01:28 - 2015-05-26 01:28 - 02223104 _____ () C:\Users\Michelle'\Downloads\adwcleaner_4.205.exe
2015-05-26 00:55 - 2015-05-26 00:57 - 207437104 _____ () C:\Users\Michelle'\Downloads\avira_antivirus_de-de_15.0.10.434.exe
2015-05-26 00:12 - 2015-05-26 00:12 - 00380416 _____ () C:\Users\Michelle'\Downloads\Gmer-19357 (1).exe
2015-05-26 00:12 - 2015-05-26 00:12 - 00380416 _____ () C:\Users\Michelle'\Desktop\Gmer-19357.exe
2015-05-25 23:56 - 2015-05-26 11:00 - 00000000 ____D () C:\FRST
2015-05-25 23:52 - 2015-05-25 23:53 - 00000480 _____ () C:\Users\Michelle'\Desktop\defogger_disable.log
2015-05-25 23:52 - 2015-05-25 23:52 - 00000000 _____ () C:\Users\Michelle'\defogger_reenable
2015-05-25 22:28 - 2015-05-26 10:43 - 00000000 ____D () C:\AdwCleaner
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Programme
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-05-25 21:12 - 2015-05-25 21:12 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-05-25 21:03 - 2015-05-25 21:03 - 00000000 ____D () C:\ProgramData\Riot Games
2015-05-25 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-05-25 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-05-25 21:00 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-05-25 21:00 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-05-25 21:00 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-05-25 20:59 - 2015-05-25 20:59 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-05-25 20:59 - 2015-05-25 20:59 - 00000000 ____D () C:\Riot Games
2015-05-25 20:43 - 2015-05-25 21:00 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Riot Games
2015-05-25 20:41 - 2015-05-25 20:42 - 30668968 _____ (Riot Games) C:\Users\Michelle'\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2015-05-25 20:40 - 2015-05-25 20:40 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Macromedia
2015-05-25 20:29 - 2015-05-25 20:29 - 00000000 ____D () C:\Users\Public\Pokki
2015-05-25 20:28 - 2015-05-26 07:51 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\clear.fi
2015-05-25 20:28 - 2015-05-25 20:28 - 00000000 ____D () C:\Users\Michelle'\PicStream
2015-05-25 20:26 - 2015-05-25 20:26 - 00001770 _____ () C:\Users\Public\Desktop\Online kaufen.lnk
2015-05-25 20:26 - 2015-05-25 20:26 - 00001454 _____ () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-25 20:26 - 2015-05-25 20:26 - 00001276 _____ () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Realtek HD Audio-Manager.lnk
2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Atheros
2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Adobe
2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\VirtualStore
2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Program Files\Accessory Store
2015-05-25 20:26 - 2015-05-25 20:26 - 00000000 ____D () C:\Program Files (x86)\OEM
2015-05-25 20:25 - 2015-05-26 10:13 - 00000000 ____D () C:\Users\Michelle'
2015-05-25 20:25 - 2015-05-25 20:27 - 00000000 ____D () C:\Users\Michelle'\AppData\Local\Packages
2015-05-25 20:25 - 2015-05-25 20:25 - 00000020 ___SH () C:\Users\Michelle'\ntuser.ini
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Vorlagen
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Startmenü
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Netzwerkumgebung
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Lokale Einstellungen
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Eigene Dateien
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Druckumgebung
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Documents\Eigene Musik
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Documents\Eigene Bilder
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\AppData\Local\Verlauf
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\AppData\Local\Anwendungsdaten
2015-05-25 20:25 - 2015-05-25 20:25 - 00000000 _SHDL () C:\Users\Michelle'\Anwendungsdaten
2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-25 20:25 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Michelle'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 15:36 - 2013-12-22 05:25 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 09:34 - 2013-12-22 05:25 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-05-26 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-26 10:32 - 2013-12-22 05:02 - 00287738 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 10:18 - 2013-12-22 13:46 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-05-26 10:18 - 2013-12-22 13:46 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-05-26 10:18 - 2013-11-27 11:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 10:14 - 2013-11-27 12:22 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-26 10:14 - 2013-11-27 12:22 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-05-26 10:14 - 2013-11-27 12:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-26 10:14 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 10:13 - 2013-11-27 11:49 - 00203524 _____ () C:\Windows\PFRO.log
2015-05-26 07:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-26 06:10 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-05-26 01:55 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-26 01:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-25 21:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-25 21:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-25 21:12 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-05-25 21:11 - 2013-08-22 16:44 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-25 20:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2015-05-25 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-25 20:27 - 2013-12-22 05:48 - 00003546 _____ () C:\Windows\System32\Tasks\Norton Online Backup ARA
2015-05-25 20:27 - 2013-12-22 05:48 - 00000000 ____D () C:\ProgramData\Norton
2015-05-25 20:26 - 2013-12-22 13:36 - 00003467 _____ () C:\Windows\patch.log
2015-05-25 20:26 - 2013-11-27 11:48 - 00000000 ____D () C:\Windows\Panther
2015-05-25 20:26 - 2013-11-27 11:40 - 00000000 ___HD () C:\OEM
2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2015-05-25 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera

==================== Files in the root of some directories =======

2013-12-22 05:26 - 2013-12-22 05:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Michelle'\AppData\Local\Temp\0050331432627283mcinst.exe
C:\Users\Michelle'\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-11-27 11:49

==================== End of log ============================
         

Alt 26.05.2015, 21:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Die Hälfte der angeforderten Logs fehlt...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.05.2015, 13:00   #9
SheWolf729
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Da beide Programme nichts gefunden haben also der Adwcleaner und MBAM

Alt 27.05.2015, 13:07   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Standard

Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)



Bitte trotzdem immer alle Logs posten...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)
antivirus, avira, browser, cpu, crazy score, error, home, iexplore.exe, installation, internet, internet explorer, launch, problem, programm, realtek, registry, rundll, scan, services.exe, siteadvisor, software, spyhunter, svchost.exe, symantec, system, viren, werbung, werkeinstellungen, wlan



Ähnliche Themen: Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)


  1. Vielen Dank an Cosinus bei Bereinigung von Crazy Score
    Lob, Kritik und Wünsche - 13.06.2015 (1)
  2. Windows 8.1: Crazy Score eingefangen
    Log-Analyse und Auswertung - 13.06.2015 (17)
  3. Trojan.BitcoinMiner, Werbung trotz AdBlocker, neue Tabs mit Werbung werden automatisch geöffnet und vieles mehr.
    Log-Analyse und Auswertung - 02.03.2015 (23)
  4. Lässtige werbung trotz addblock
    Log-Analyse und Auswertung - 06.01.2015 (19)
  5. Werbung trotz Adblock & co.
    Plagegeister aller Art und deren Bekämpfung - 05.01.2015 (10)
  6. Ständige Pop-Ups trotz AdBlocker / Unerwünschte Werbung
    Plagegeister aller Art und deren Bekämpfung - 10.05.2014 (16)
  7. Bombadierung von Werbung trotz Add-Ons
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (15)
  8. RightCoupon Werbung trotz Addablock
    Log-Analyse und Auswertung - 03.03.2014 (13)
  9. Werbung trotz Addblocker Plus. Funktioniert nicht.
    Log-Analyse und Auswertung - 22.01.2014 (9)
  10. Werbung in Chrome trotz Adblock
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (13)
  11. Mit Spyhunter 47 Bedrohungen gefunden, Spyhunter wurde aber wieder deinstalliert.
    Log-Analyse und Auswertung - 25.10.2013 (9)
  12. Werbung bei Chrome - trotz Adblock seltsame Werbung
    Plagegeister aller Art und deren Bekämpfung - 16.09.2013 (5)
  13. Relevant Knowledge und Market Score gefunden bei Malwarebytes Quick-Scan
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (33)
  14. Win 7 Start Button going crazy
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (1)
  15. Werbung trotz URL-Eingabe
    Log-Analyse und Auswertung - 06.04.2007 (10)
  16. Euer 3D Mark 2003 Score ...
    Netzwerk und Hardware - 15.03.2003 (17)

Zum Thema Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) - Hallöchen, ^-^ folgendes.. ich habe mir vor ein paar Tagen eine Datei heruntergeladen, undzwar Sony Vegas 12 und war dabei das Teil zu installieren. Blöderweise habe ich wohl nicht alles - Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score)...
Archiv
Du betrachtest: Win 8: Trotz zurücksetzen auf Werkeinstellungen Werbung (spyhunter,crazy score) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.