Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 8 / Firefox russische Po-ups behindern normales Surfen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.09.2015, 16:36   #1
cybercarsten
 
Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Hallo liebes Trojaner-Board Team,

der Windows 8 Laptop meiner Frau hat ein uebles (sorry, brasilianische Tastatur) Adware-Problem. Im Sekundenabstand erscheinen Pop-ups oder neue Fenster, meist von russischen Absendern. Alle Versuche mit Pop-up-Blockern, Ad-Blockern und Malwarebytes haben nicht wirklich geholfen. Ich habe die ueblichen Scans durchgefuehrt und poste sie hier:


Malwarebytes von heute:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 12/09/2015
Scan Time: 10:03
Logfile: MWB20150912.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.12.02
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Monica

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356644
Time Elapsed: 23 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1, Delete-on-Reboot, [fa08121dfc8fe0565d3894f8d92bbb45], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11, Delete-on-Reboot, [ae543ff07912de581085b4d808fc0000], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2, Delete-on-Reboot, [f012e9464d3ee5512372b8d4c143af51], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3, Delete-on-Reboot, [eb170926cebd10262e672c603fc5768a], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4, Delete-on-Reboot, [c73be946f99276c0049159338f755fa1], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5, Delete-on-Reboot, [14eebd722e5dee48f69f810b6b99b44c], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user, Delete-on-Reboot, [2ed468c7acdff244a4f1a6e6b74df40c], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.InstallCore, C:\Users\Monica\AppData\Local\Temp\nsn2AEB.tmp, Quarantined, [56acb37c8ffc43f30ff75666a25f31cf], 
PUP.Optional.InstallCore, C:\Users\Monica\AppData\Local\Temp\ICReinstall_nsn2AEB.tmp, Quarantined, [7d85b6790e7d1f1744c2e7d58978a25e], 
PUP.Optional.APNToolBar, C:\Windows\Temp\7zSEB0D.tmp\Offercast346_AVG_.exe, Quarantined, [13efc768b1da6fc71d9efabe34cd847c], 
PUP.Optional.APNToolBar, C:\Windows\Temp\oc_F108\OCDLL.dll, Quarantined, [e81ae748b1dae84e16a52d8b9e63b749], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
McAfee logfile:

Code:
ATTFilter
7/5/2014	5:19:13 PM	"C:\Users\Monica\AppData\Local\Temp\A298tmp\jfilemanagersetup.exe"	"Artemis!C27E418EE71E"	"2"

7/5/2014	5:19:21 PM	"C:\Users\Monica\AppData\Local\Microsoft\Windows\INetCache\IE\BERXUL82\JFileManagerSetup[1].exe"	"Artemis!C27E418EE71E"	"2"

7/5/2014	5:58:12 PM	"C:\Users\Monica\AppData\Local\Temp\is-S0HIC.tmp\dm.exe"	"Artemis!775CCF751159"	"3"

7/12/2014	7:30:09 AM	"C:\Program Files (x86)\v01BlockAndSurf\v01BlockAndSurfdY174.exe"	"Artemis!55BCF45239D2"	"3"

7/12/2014	7:30:11 AM	"C:\Program Files (x86)\v01BlockAndSurf\wdBlockAndSurfR.exe"	"Artemis!D72CA74E70B9"	"3"

7/12/2014	7:32:04 AM	"C:\Program Files (x86)\v01BlockAndSurf\v01BlockAndSurfdY174.exe"	"Artemis!55BCF45239D2"	"3"

7/12/2014	7:32:04 AM	"C:\Program Files (x86)\v01BlockAndSurf\wdBlockAndSurfR.exe"	"Artemis!D72CA74E70B9"	"3"

8/13/2015	9:55:33 AM	"E:\1818.lnk"	"JS/Downloader!lnk"	"1"

8/13/2015	9:55:34 AM	"E:\autorun.inf.lnk"	"JS/Downloader!lnk"	"1"

8/13/2015	9:55:34 AM	"E:\Prozesse.lnk"	"JS/Downloader!lnk"	"1"
         


GMER von heute:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-12 09:55:29
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002b WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Monica\AppData\Local\Temp\pwldypod.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                             fffff960001bf300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                                                        fffff960001bf310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [664:688]                                                                                                                                                                                                                     fffff960008912d0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5204:5220]                                                                                                                                                                                              00007ffa89975aa0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5204:3432]                                                                                                                                                                                              00007ffa8a0812c0
---- Processes - GMER 2.1 ----

Library  c:\users\monica\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsn1f48.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-09-12 12:20:10)                                       0000000002f20000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24)           000000006fe10000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004a900000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30)                                                         00000000057e0000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004ad00000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)        000000006f9f0000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            000000006f560000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30)                                                                                        00000000734f0000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        000000006c190000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         000000006b010000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)          000000006adf0000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            000000006ab50000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            000000006ab20000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30)                                                                                           0000000073950000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)  000000006a760000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         000000006a720000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)   000000006a650000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30)                                                                       0000000073960000
Library  C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30)                                                                       0000000073350000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         
FRST von heute:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Monica (administrator) on MONICA (12-09-2015 09:30:39)
Running from C:\Users\Monica\Downloads
Loaded Profiles: Monica (Available Profiles: Monica)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Run: [Dropbox Update] => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52812;https=127.0.0.1:52812
Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{7B40D5F3-8CB1-4B0F-AF03-7785EE67636D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCA91B0F-7C70-41BA-A4FA-BAB10466C94F}: [DhcpNameServer] 89.248.166.149 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> DefaultScope {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-07] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-07-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-07-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default
FF Homepage: hxxp://www.google.com.br/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-05-01] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Extension: Block site - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-07]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-05-17]
FF Extension: Strict Pop-up Blocker - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-09-03]
FF Extension: Video DownloadHelper - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-01]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-16] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-07-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-05-01] (Nitro PDF Software)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-11-12] (The OpenVPN Project)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-07-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 09:30 - 2015-09-12 09:31 - 00021485 _____ C:\Users\Monica\Downloads\FRST.txt
2015-09-12 09:29 - 2015-09-12 09:30 - 00000000 ____D C:\FRST
2015-09-12 09:29 - 2015-09-12 09:29 - 02190848 _____ (Farbar) C:\Users\Monica\Downloads\FRST64.exe
2015-09-11 07:46 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-11 07:46 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-11 07:46 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-11 07:46 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-11 07:46 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-11 07:46 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-11 07:46 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-11 07:46 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-11 07:46 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-11 07:46 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-11 07:46 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-11 07:46 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-11 07:46 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-11 07:45 - 2015-07-13 16:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-11 07:45 - 2015-07-10 16:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-10 21:49 - 2015-09-10 21:49 - 00330240 _____ C:\Users\Monica\Downloads\TP4 present simple.ppt
2015-09-09 07:38 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 07:38 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 07:38 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 07:38 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 07:37 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 07:37 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 07:36 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 07:36 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 07:36 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 07:36 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 07:36 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 07:36 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 07:36 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 07:36 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 07:36 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 07:36 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 07:36 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 07:36 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 07:36 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 07:35 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 07:35 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 07:35 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 07:35 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 07:35 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 07:35 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 07:35 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 07:35 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-08-27 19:18 - 2015-08-27 19:18 - 01734144 _____ C:\Users\Monica\Downloads\lesson3.ppt
2015-08-27 16:31 - 2015-09-12 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-20 20:42 - 2015-08-20 20:44 - 27555912 _____ C:\Users\Monica\Downloads\Luxury Lifestyle.avi
2015-08-19 04:52 - 2015-08-19 04:52 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-08-19 04:52 - 2015-08-19 04:52 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-08-13 22:50 - 2015-08-13 22:50 - 01279488 _____ C:\Users\Monica\Downloads\Quiz pronouns possessive.xls
2015-08-13 22:50 - 2015-08-13 22:50 - 00389632 _____ C:\Users\Monica\Downloads\regrets.pps
2015-08-13 22:49 - 2015-08-13 22:49 - 02560000 _____ C:\Users\Monica\Downloads\L1 pronouns.ppt
2015-08-13 22:49 - 2015-08-13 22:49 - 02560000 _____ C:\Users\Monica\Downloads\L1 pronouns.pps
2015-08-13 12:14 - 2015-07-30 11:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 12:14 - 2015-07-30 10:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 10:02 - 2015-08-13 10:04 - 00000000 ____D C:\backup SONY 4GB
2015-08-13 09:24 - 2015-06-11 17:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-13 09:24 - 2015-06-11 17:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-13 09:23 - 2015-06-12 14:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-13 09:23 - 2015-06-12 13:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 09:22 - 2015-07-28 20:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 09:22 - 2015-07-28 11:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 09:20 - 2015-07-07 06:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-13 09:20 - 2015-07-07 06:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-13 09:20 - 2015-07-07 06:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-13 09:19 - 2015-07-14 18:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-13 09:19 - 2015-07-14 18:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-13 09:19 - 2015-07-14 18:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 10:36 - 2014-02-05 19:33 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 04:34 - 2014-02-05 19:33 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-09-12 09:28 - 2014-07-02 17:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3792598364-1687661706-653696805-1001
2015-09-12 09:23 - 2014-02-06 00:45 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2015-09-12 09:23 - 2014-02-06 00:45 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2015-09-12 09:23 - 2013-11-01 08:36 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 09:22 - 2014-02-05 19:03 - 01228430 _____ C:\Windows\WindowsUpdate.log
2015-09-12 09:19 - 2014-07-02 17:10 - 00000000 __RDO C:\Users\Monica\SkyDrive
2015-09-12 09:17 - 2013-08-22 11:46 - 00032533 _____ C:\Windows\setupact.log
2015-09-12 09:17 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 09:17 - 2013-08-22 11:44 - 00362728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 09:15 - 2014-07-05 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-12 09:15 - 2013-11-01 08:23 - 00874232 _____ C:\Windows\PFRO.log
2015-09-12 09:15 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-12 09:12 - 2013-08-22 16:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 09:12 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-12 09:11 - 2014-07-02 18:10 - 00000000 ____D C:\Windows\system32\MRT
2015-09-12 09:02 - 2015-07-31 10:18 - 00024145 _____ C:\Users\Monica\Documents\promotoria.odt
2015-09-12 09:01 - 2014-07-02 21:26 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-12 09:00 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-12 08:54 - 2014-07-02 19:15 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A32C733-5B5E-4645-84DD-67B52D44E8A1}
2015-09-11 11:49 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-11 11:08 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-11 06:01 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-10 21:53 - 2014-07-20 08:02 - 00309248 ___SH C:\Users\Monica\Downloads\Thumbs.db
2015-09-09 07:15 - 2014-07-02 23:18 - 00000000 ____D C:\Users\Monica\AppData\Local\CrashDumps
2015-09-08 08:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-09-05 05:37 - 2014-09-10 14:33 - 00553984 ___SH C:\Users\Monica\Documents\Thumbs.db
2015-08-26 18:37 - 2014-07-02 18:10 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 17:18 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-19 04:52 - 2013-11-01 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-19 04:46 - 2014-07-02 17:09 - 00000000 ____D C:\Users\Monica\AppData\Local\clear.fi
2015-08-17 10:25 - 2014-12-13 11:18 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-17 10:25 - 2014-07-10 11:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2014-11-26 17:39 - 2014-11-26 17:42 - 30896010 _____ () C:\Program Files\Passware Kit PRO.zip
2014-04-22 09:03 - 2014-04-22 09:03 - 123392946 _____ () C:\Program Files (x86)\openoffice1.cab
2014-04-22 09:01 - 2014-04-22 09:01 - 2310144 _____ () C:\Program Files (x86)\openoffice410.msi
2014-04-22 09:01 - 2014-04-22 09:01 - 0476160 _____ () C:\Program Files (x86)\setup.exe
2014-04-22 09:01 - 2014-04-22 09:01 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2014-07-05 17:23 - 2014-07-05 17:23 - 0000266 _____ () C:\Users\Monica\AppData\Local\alwju.bat
2014-07-05 17:21 - 2014-07-05 17:21 - 0000266 _____ () C:\Users\Monica\AppData\Local\bncpb.bat
2014-07-05 17:18 - 2014-07-05 17:18 - 0000266 _____ () C:\Users\Monica\AppData\Local\ikuwyceg.bat
2014-07-05 17:25 - 2014-07-05 17:25 - 0000266 _____ () C:\Users\Monica\AppData\Local\isnpkup.bat
2014-07-05 17:31 - 2014-07-05 17:31 - 0000266 _____ () C:\Users\Monica\AppData\Local\lindinsi.bat
2014-07-05 17:19 - 2014-07-05 17:19 - 0591320 _____ (ClickMeIn Limited) C:\Users\Monica\AppData\Local\nspEA15.tmp
2014-07-05 17:27 - 2014-07-05 17:27 - 0000266 _____ () C:\Users\Monica\AppData\Local\timyfs.bat
2014-07-05 17:29 - 2014-07-05 17:29 - 0000266 _____ () C:\Users\Monica\AppData\Local\tyeljw.bat
2014-02-05 19:33 - 2014-02-05 19:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\8EDA.exe
C:\Users\Monica\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsn1f48.dll
C:\Users\Monica\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Monica\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Monica\AppData\Local\Temp\octC2DF.tmp.exe
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 07:33

==================== End of FRST.txt ============================
         
FRST Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Monica (2015-09-12 09:32:48)
Running from C:\Users\Monica\Downloads
Windows 8.1 Single Language (X64) (2014-07-02 20:07:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3792598364-1687661706-653696805-500 - Administrator - Disabled)
Convidado (S-1-5-21-3792598364-1687661706-653696805-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3792598364-1687661706-653696805-1003 - Limited - Enabled)
Monica (S-1-5-21-3792598364-1687661706-653696805-1001 - Administrator - Enabled) => C:\Users\Monica

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivírus e antispyware da McAfee  (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivírus e antispyware da McAfee  (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Ferramentas do Visual Studio 2005 para Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4113 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.115 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nitro Reader 3 (HKLM\...\{E5660852-CBDA-4C17-9475-C0C0E5A4CFB4}) (Version: 3.5.3.14 - Nitro)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Passware Kit Professional 12.3 (HKLM-x32\...\{FFFF4FFA-3CC9-4EC1-845A-8B24027820E3}) (Version: 12.3.6332 - Passware)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-08-2015 17:36:08 Windows Update
31-08-2015 07:12:32 Windows Update
08-09-2015 15:27:34 Ponto de Verificação Agendado
12-09-2015 09:06:37 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2015-08-11 14:54 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1	mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11 -> No File <==== ATTENTION
Task: {10F98876-4BA0-4BA8-9E98-B7F46BDAD16F} - System32\Tasks\lindinsi => C:\Users\Monica\AppData\Local\lindinsi.bat [2014-07-05] ()
Task: {190DC44D-8E22-45F9-A675-5D78CA06A748} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user -> No File <==== ATTENTION
Task: {202B0A4E-918B-4043-93A7-D81700F16E24} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-08-13] (Acer)
Task: {2BF73531-0812-442F-9C20-298864C2A821} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {2EA1FE73-FE03-4AF7-97F8-A58AB7D291F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {335486A0-07A8-44F5-A129-987F88214A7D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {3C7020F0-4BDB-4AA4-B34C-808F90E2F5E7} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {3F365E5C-C7BB-40F1-B0A1-6549DCE46748} - System32\Tasks\ikuwyceg => C:\Users\Monica\AppData\Local\ikuwyceg.bat [2014-07-05] ()
Task: {57493D84-9C8E-4615-9641-B22D812C6F75} - System32\Tasks\isnpkup => C:\Users\Monica\AppData\Local\isnpkup.bat [2014-07-05] ()
Task: {5BACF658-2447-4EE9-BD6B-67A1EF12175A} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5 -> No File <==== ATTENTION
Task: {5E558A77-EABC-48A8-907C-A2856FA13AA3} - System32\Tasks\timyfs => C:\Users\Monica\AppData\Local\timyfs.bat [2014-07-05] ()
Task: {646B7114-B6C8-4ED3-BF80-743BA8FDB6FD} - System32\Tasks\tyeljw => C:\Users\Monica\AppData\Local\tyeljw.bat [2014-07-05] ()
Task: {65C76B99-C017-47DD-AAC9-1E3C75D833A9} - System32\Tasks\alwju => C:\Users\Monica\AppData\Local\alwju.bat [2014-07-05] ()
Task: {70FDF72B-6D2F-4B0E-8BFF-03C2957AD54A} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {7124E938-5E16-4442-B98D-EC5187990663} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {72D0B9F4-8143-4B6F-87C3-D306AF544271} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {75412B3F-992A-4759-9CB7-64225A7FB2BD} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1 -> No File <==== ATTENTION
Task: {8831CF92-CBD4-45E3-A388-BA52CCB27FC4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {98D21829-3B98-48A1-894F-6A625F8CCFC3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9BD3C0E8-3784-4E29-BF6B-77845CB8110D} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2 -> No File <==== ATTENTION
Task: {A1775910-CDE8-43B3-9ED4-203C04B24E14} - System32\Tasks\bncpb => C:\Users\Monica\AppData\Local\bncpb.bat [2014-07-05] ()
Task: {A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3 -> No File <==== ATTENTION
Task: {C16458BF-446D-469A-83E4-AB0E7F682EF5} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4 -> No File <==== ATTENTION
Task: {D3DFA619-5149-4796-AC2D-BF89A73E4E9A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {E5B91C5B-4900-4DB1-8BE0-51E7B7AB1DC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {E8CFD0D5-62DF-4B73-B28B-6925F60E0925} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3792598364-1687661706-653696805-1001Core.job => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-07-27 17:46 - 2015-07-27 17:46 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-09-12 09:20 - 2015-09-12 09:20 - 00043008 _____ () c:\users\monica\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsn1f48.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00750080 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00047616 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00865280 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00200704 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-02-05 19:26 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-27 07:26 - 2015-07-27 07:26 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Monica\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Processo Anarilda Wellington.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3792598364-1687661706-653696805-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{868B7A9A-3771-488A-953B-F26B35463F52}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A6AAD695-9D85-43D8-8EF1-840D0D7225E8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D424EB46-FD6A-42B8-BF84-BAE5582EB53B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{878298F0-B10E-41D2-B924-10795C559E21}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A95C9EAB-BCAF-487E-A78E-91A41FF59D77}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5A01F964-4C54-4E28-A134-8B7737552A6C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5EB92DF1-D48E-476E-96D6-9EF4B001E2CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{2882398B-6DF1-48C4-AD47-B83295F56AA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FFC1E2C4-C418-46D0-A9A6-704C2392E609}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{6DDB21F3-ADF3-4784-8261-85C4EDA81B72}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{AFAB4A6E-22ED-48DD-86FE-5BD3DDA901D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{63611343-3981-4AB1-8B24-BD730C4B4616}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{638023C5-0CE1-460B-8E2B-27E1323D5745}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7B8F9CDC-8B63-46E8-8B9C-9B41C5F71BCE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F61E21B8-A811-4390-8C48-F76709C647B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{32CB50FA-5ECE-4CE2-809A-62EEAD42AD73}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{D26B9193-3F07-4625-8CEA-AE17F9E69ABB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7F4E1D66-B2BB-4F19-AC59-0A323EE6CDA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6A840E65-DA1B-429A-AF4F-73BE8B951184}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{271879EF-7A48-4758-BC5F-538D9F33B421}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{A875F548-50CF-42D6-BC9C-E20F305F33B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B5E3560E-AD87-44E5-959D-792E2648C3F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0A663979-5B49-4EB1-9654-114059C55B1D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{4B3D8C37-3C44-43BD-9BF5-BD7436DDC9C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2FA47325-1091-4631-949D-6C9E8250C8DC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7F7C622A-1DA4-4592-AB73-BF3AE172A9C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{264CADAA-C8EB-4F77-8D5B-594862727558}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{056F5CE8-5D3B-4A98-8598-860442AF70D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2CF087A2-0A94-4B1F-BF9E-E981076CF396}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{881BD0AC-6A1A-4B2A-BFB0-F082B355D0A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{0222F0C9-A388-4D48-9915-50C5FCCB1142}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{C2251342-C52A-4761-943B-C3F3754AA2BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{2CAD4F62-82BD-4EA4-AF23-3F27A35C56E0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{D170B7FF-9CB2-40AE-ADFE-12DAFF0D6B0F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{A2C5235E-F22F-440B-83BA-4904F19D3E6A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{3A3BA756-49D5-4155-ABA4-294F4B07B8DB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5B123DF9-9854-452A-9373-637B53F5C6A5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{FAB3BB80-2F01-4864-9FC1-AFD08D68C346}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{97AEFD6C-C061-4DC0-B147-0337EA7112B6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{3016371D-2ED5-44FE-BF84-004194B3F1BA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8E4DA2B1-732A-424C-97BD-35EF3D105D5E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F5D63344-8AD3-4DED-A560-E2D440E6DFF2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{1FAEED5E-6B1F-4F0F-A11E-BCE5B072BC4D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F676DF36-0BDF-4856-B392-1F6A6306A90B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{4EC186E5-B7C0-4F15-BC32-C651A7A227AB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F4D1FF55-E8CA-41D6-86D6-A6EF82A19AC9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{9E74EFCD-9DFA-4F18-BF63-D1FFD2C71BE6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2279D5BE-86C8-4937-A4A0-9BAC04524933}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C6CC19CE-1B50-436B-B62E-7726F68F04EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CF1E157F-3F22-4462-8C4D-D3AB28319EFC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{6F4A818D-11AC-4593-BE86-CD9E64036F6F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{AD378EB5-2202-4560-9DBF-BE2235558B64}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8389B775-3C41-47F4-BFF9-990CC3A4A27F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{22F5B9FD-CE76-457B-A7E7-0496E8A080FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06F4BBC1-CB61-4B40-B1A7-D194A99EE9C6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0700FB97-8510-4857-A77D-0FF68F36D201}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1C8272E6-B760-4020-A911-A4225A882F08}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2CB13FF8-B673-44D5-9024-6FE67FC564E2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ACD2B40B-E57F-434A-AC4B-380600317282}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7A22DA6B-9407-4BB2-A534-2E62B3333879}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8FB30E29-BE65-442D-A164-C99A40612211}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{93241890-2DF0-445D-B4FA-4D271080442F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{038E517A-F8C2-470B-B57D-3A67ED609DD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{444045C5-0F26-48C0-90FE-A678CAD420FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2683B2DC-283B-4E09-856A-1DF0CFB54C0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B5C97B80-385A-4971-9BBA-50A2A50A5070}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3D7D96BA-3AA9-4A42-972F-CBD7D0CCCA96}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8234C44A-6F09-4519-B0BF-F57B46BE901E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9770236A-BBB4-449A-A3AC-543E9E723327}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6972A28D-638B-4845-B421-D43C05E704E9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91D29E93-0FCC-422E-99DA-A79140AE1667}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{886C925C-7B24-4A60-BD0E-EEDB00A68225}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{8D6295D0-7866-4DFA-A082-CA65672C83E7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{7D2507BC-57AB-463B-89F1-03C38F0873FB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{57BFAAEA-4599-4C09-A63D-973848853C49}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F100F530-C53E-42F0-90E2-0A00FE65B221}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{685E26CF-218D-4DAE-8FC4-E00A50FFCDDC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{CF53BECB-D4BE-44C9-9591-3ACC9D266C14}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{5ED27DD8-EEA6-4F8D-AD5C-922D2BFF0EBE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D370543C-6A16-44D1-8B83-1E728FC7A876}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{612263E9-0C35-426F-8083-D1ED98DAF474}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2C80D9B6-D082-4612-99CA-5DD1B8E6DFC1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{B3A3E02C-117C-4FCF-B66D-6C5ADB6173EE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E78972D7-698C-4FF9-B87A-8749A733DC17}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FF7E2908-103A-4E7D-8763-6941211D8D12}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F2530216-9564-4763-A2F4-3537C299A6F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{04FB3D35-2674-47B4-BE20-BD5B46B49E50}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{614F8E57-FE70-4652-B4E3-2C0F6CDF5739}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{82E064D5-5985-46B1-9995-D310F28E8076}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8FCAFA1A-BE1D-4F93-8FB8-C4EF2208262B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4716CF87-62DD-4E66-9F84-3A1252EEF3E6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F00DC467-E3CE-484D-B87A-BDA039004679}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F0EEBE2B-9CFF-4337-865E-164A9A4FC8D6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FBB3B59A-13F5-4C37-BAAA-31BD77C39EDE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F5A9BDA5-972F-4680-9A57-C6C7E5BEF745}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ED219CD8-B7F4-46B3-800F-55977BE9C13D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{BA2904AB-57F3-49BB-BA1E-4C238121F382}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{160DB14B-29FA-4EB2-A46D-FF04AA303BA3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CEFA2315-3CC7-46B4-BFCF-FF59B24E2844}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EECC0A66-53B6-4BCD-9EDE-C0E6AB6058DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4BEE438A-6861-493F-8737-3E59DC612532}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A5F84365-CD3A-4345-BE30-964F9895C84A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9003A799-4235-4EC3-A690-BAF8ABA96904}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{39E9D626-5AC1-4CF7-8827-B513DFE1BD92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DE91CDFA-135E-40E5-B749-5DDD1F1F1C57}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{29EB3C1B-5984-409F-AA31-EB7CCC6E7C3E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B959876-CCEC-483D-9D0B-99C554E8EEA7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ADDC36D1-3BC3-4331-B203-79FF78B41363}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C4E85C84-3E6B-4A46-BCB2-390C7A2C693D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{15A450DC-F5F0-445B-922D-37178C84A1F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{00739B69-4133-4732-BC0B-B69FEA83A3AC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1AB3ADFD-6866-4A29-835F-5C0D6FBE82D9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{46C7447C-39F5-4287-8107-994462357174}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{68C09A72-EA71-4620-8AB9-9CF7B97163EB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D886B5EA-451F-4801-9519-16EF06E75BDF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{45EA03A1-39C3-4083-B316-6EC6C07AC412}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D39A378B-4A54-48DB-B41D-C334F9AB5EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1980E542-94C0-4EAE-9CC9-0A871EF578D4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1D9E7D51-8AA8-4A8D-99FA-A62E1F7223A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{234B63DB-8DED-4871-98A9-5FB35E8AB5D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{843BD66B-380A-46C3-BFAC-FA82DA339C93}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CBF13F81-8203-4E17-A9B3-C14F75432A12}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6E2A65D0-A024-4CDA-850A-B28669B99A19}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{98C1FBFA-5169-457C-8EE7-387A8575C8BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FD41A76-F6B7-4767-98D4-5914EFB66306}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{34048F8F-F478-4A74-9718-FF1610241DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{57654119-2702-465E-80E5-4CB43E65B70C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EAAA15AE-9E70-444F-B269-9759106964B7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{92C29F6D-B7B9-4963-9688-2D4A4B8E91B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BF909D9A-7318-409B-A9E0-96251AE4F4EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{25165BEB-8831-44AE-94F7-04E63AC557BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FF89E06-E3D8-4F4C-9D22-178FB064230E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D17D0F0C-1682-4110-A155-5A41DF9ED29A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9EBFAC6F-0CAF-48CA-AA97-333D7C2D4938}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CA0E8A63-E719-4752-A9E4-71A15DDE947D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{104DD35D-B51D-4BAA-9726-B9A39C127331}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7EB9F81C-B115-4A0E-A40B-E581A2B5B5E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4EDF515A-50B7-42B9-95D4-91A2CACEF970}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{060CCC52-5D31-423F-97EE-DD1F50DB9207}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F85AAB0A-23D6-4211-9191-F53D285943FF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{24FF1F92-A5F3-47C3-B4E6-BED468492F7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1D00E5ED-E5A7-486F-94F7-ED0ED89A602A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{189B56B7-4FE7-47A9-B931-172C20521781}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CDD4EB2E-1A13-479C-83C7-C1D8C99F7189}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A9EC8D8E-C19F-4783-A150-A89730851788}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAB33BC2-FD46-4C71-A5D2-010F0B2BA551}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7F13B5D7-4FB2-436E-93C3-73080A7DE93A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{FC533484-050E-4C32-BEDB-0F4741192172}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7A113C14-FB2D-48FA-A939-7DE943C919FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{905D5849-95E3-42BC-9617-DC9FF9A50361}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8D9A61CD-8E78-4300-9FC3-5F27A6A610B0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{833BAB7B-BC2C-4F06-8D63-6A8712537300}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7287617E-667D-4D36-B663-B1F99E419489}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{94070D7F-AE25-461D-AE0A-1F209B3B5DE4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C8BC8BD8-D798-4AD8-9D34-60FBBA0D0179}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9D15EA70-380E-4686-AC9B-1AD9BD4B2419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{18073016-80E2-42EA-B85B-466A210E6D03}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1F4A9B5D-FB01-4BC5-B8B6-0FC292D7A05B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1A150557-92DC-46F6-A8F2-A85DB8CD3879}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F5087AF7-073B-472C-AF75-C9E8C7C60801}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F9268F4C-9F01-4B47-B0CE-1A1A88C6DEBD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D33E1BA3-22DD-4091-B2AF-30E43D08B846}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1191310D-F2CF-427D-9870-C7843DB84195}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{87875759-C885-402D-BF81-9F6A74572B7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FE9765C-D2FF-4818-A281-B9C1826EA8DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1243B007-30CB-4DA1-A6D4-147A1AA6C82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B018C30F-5165-463B-B243-062D2D205A69}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C45897A4-9942-4F52-B946-6E033E94FC3B}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C2A47498-54C7-44ED-A478-9BC724B68C08}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4777003E-414E-4417-ADBA-8600DF122FFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8104A464-0F0B-4E34-98F5-C44CF0708000}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9CE2C813-1630-47B7-8514-6AAF28450A2B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A1F121C8-0EAB-4CE7-AFBA-0234F9ADD152}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9389FCD-1666-45C1-B1F1-3A75C359C72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1400EEFF-93A1-461E-BB5A-9F615925EF43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E8411286-9287-4B14-A007-8928409C6DE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{00ACE80B-B41E-40EA-A5AB-63DC18D9D38D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BB3EE62A-E19E-48A3-82E7-1822EF4DDA23}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FF337B5E-C496-4CF2-8DDD-42BEEB2C676E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{539AE13C-2A09-4D31-8435-03796A5EFFBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{02725209-B52B-4FD8-95B7-F47EBB74C4FA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E76BB129-CB61-4859-9D98-39117ED1CBA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85A069C5-6126-4EAA-ACFD-F71E85E982D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{228056C2-F0F7-4FCF-95CC-E5600DC1EEBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E46781D7-673C-458F-B0CD-8CF7E28F8E27}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ADF5616A-5CAC-4D48-B810-18E8DD5CDAB5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AF70E296-0309-4620-B0F5-08AF6BED84C2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7CCE9F97-6071-4615-B7BF-7BAFAFA41EB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DAF19E82-8327-4CDF-BEFD-D7B1FCC1A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1CB80860-C3B8-416F-98BF-9FFBE1C8686F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0151F974-6D55-4DC9-9913-57A9CBB8DA16}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C58C7261-76D6-4702-90F7-5F0B1AA00EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35BA0E5E-7F9B-45AC-B373-7B014348F88E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9AEB76F9-80A0-40CA-BC6C-5CD90484EF08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5EABFAD5-DA21-4E2B-88CE-174E2664F3E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8E9E513A-1E8F-4E19-A64B-4849F1D1DA13}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C9CB7D8F-F87D-443D-9D50-BCA7CF29B428}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{48CE8CCC-8D73-456D-8FDE-9C34A2935419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0B58342A-456E-4A41-91B6-18E808C9CAC8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9E5B267-FD06-40FB-BF26-EDA91EE15C0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5F3698CC-1BEF-4E1E-BEDD-31601C2D4A49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DAF5F63E-024F-42C7-A6BA-1855AAD76394}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5B81A66D-8964-4375-B2B3-C6B952714502}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{51A141CB-9FB1-4E57-9F47-E8D6215A6288}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B5C90E7-C17B-4E37-81B4-DB1F777C331D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B1176B39-D0DC-43A9-8656-AF74E50F6B24}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F3AF57C1-D0DD-471B-BA62-374B1810C984}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{978766D4-FB84-47B9-AEAF-686AC264DA75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2015 08:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: plugin-container.exe, versão: 40.0.3.5716, carimbo de data/hora: 0x55ddb213
Nome do módulo com falha: mozglue.dll, versão: 40.0.3.5716, carimbo de data/hora: 0x55dda062
Código de exceção: 0x80000003
Deslocamento da falha: 0x0000e250
ID do processo com falha: 0x2174
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
Caminho do módulo com falha: plugin-container.exe2
ID do Relatório: plugin-container.exe3
Nome completo do pacote com falha: plugin-container.exe4
ID do aplicativo relativo ao pacote com falha: plugin-container.exe5

Error: (09/11/2015 11:47:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 2fa8

Hora de Início: 01d0ec9ff7df1d49

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: eeff97cf-5893-11e5-82ac-201a0657a1d6

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/11/2015 10:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x27c4
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5

Error: (09/11/2015 09:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x2838
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5

Error: (09/11/2015 06:19:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/10/2015 02:51:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/10/2015 09:22:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/09/2015 07:59:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/09/2015 07:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x2d18
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5

Error: (09/09/2015 07:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x2678
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5


System errors:
=============
Error: (09/12/2015 09:29:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1

Error: (09/12/2015 09:14:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço mfemms.

Error: (09/11/2015 09:29:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1

Error: (09/10/2015 09:27:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1

Error: (09/09/2015 07:20:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1

Error: (09/08/2015 10:42:19 AM) (Source: DCOM) (EventID: 10010) (User: MONICA)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (09/08/2015 06:29:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1

Error: (09/07/2015 07:05:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1

Error: (09/06/2015 06:36:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1

Error: (09/05/2015 05:34:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1


Microsoft Office:
=========================
Error: (09/12/2015 08:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e250217401d0e89e4d0c1ce4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllfc8d60c0-5944-11e5-82ac-201a0657a1d6

Error: (09/11/2015 11:47:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209112fa801d0ec9ff7df1d494294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exeeeff97cf-5893-11e5-82ac-201a0657a1d6microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/11/2015 10:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f128027c401d0ec9264f4d8c2c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dlld3e9bbf6-5885-11e5-82ac-201a0657a1d6

Error: (09/11/2015 09:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f1280283801d0ec8e0c5a180cc:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dll5f5c1815-5881-11e5-82ac-201a0657a1d6

Error: (09/11/2015 06:19:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/10/2015 02:51:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/10/2015 09:22:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/09/2015 07:59:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/09/2015 07:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f12802d1801d0eaee610f9be3c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dllb88ad6ee-56e1-11e5-82ac-201a0657a1d6

Error: (09/09/2015 07:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f1280267801d0eaeb4e9ab877c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dllbd8acb64-56de-11e5-82ac-201a0657a1d6


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3976.27 MB
Available physical RAM: 2210.18 MB
Total Virtual: 6280.27 MB
Available Virtual: 4225.64 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.69 GB) (Free:400.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3FB2AF5E)

Partition: GPT.

==================== End of Addition.txt ============================
         


Ich hoffe, ihr koennt mir helfen, die Plagegeister wieder loszuwerden.

Viele Gruesse,
Carsten

Alt 12.09.2015, 16:58   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



hi,

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 12.09.2015, 22:34   #3
cybercarsten
 
Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Hallo!
Danke fuer die schnelle Antwort.
Ich habe AdwCleaner und JRT laufen lassen (AdwCleaner war verdaechtig schnell fertig).
Hier die Logfiles:

Code:
ATTFilter
# AdwCleaner v5.007 - Relatório criado 12/09/2015 às 16:47:46
# Atualizado 08/09/2015 por Xplode
# Banco de dados : 2015-09-08.2 [Local]
# Sistema operacional : Windows 8.1 Single Language  (x64)
# Usuário : Monica - MONICA
# Executando de : C:\Users\Monica\Desktop\AdwCleaner_5.007.exe
# Opção : Limpar
# Apoio : hxxp://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****


***** [ Arquivos ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Navegadores ] *****


*************************

:: Configurações Proxy restauradas
:: Configurações Winsock restauradas
:: Políticas do Chrome excluídas

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1412 bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 Single Language x64
Ran by Monica on 12/09/2015 at 16:57:23,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Monica\Appdata\Local\nspEA15.tmp



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\p4fqrnbh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Emptied folder: C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\p4fqrnbh.default\minidumps [11 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/09/2015 at 17:01:11,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Monica (administrator) on MONICA (12-09-2015 17:07:22)
Running from C:\Users\Monica\Desktop
Loaded Profiles: Monica (Available Profiles: Monica)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Run: [Dropbox Update] => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{7B40D5F3-8CB1-4B0F-AF03-7785EE67636D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCA91B0F-7C70-41BA-A4FA-BAB10466C94F}: [DhcpNameServer] 89.248.166.149 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> DefaultScope {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-07] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default
FF Homepage: hxxp://www.google.com.br/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-05-01] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Extension: Block site - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-07]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-05-17]
FF Extension: Strict Pop-up Blocker - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-09-03]
FF Extension: Adblock Plus - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-01]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-16] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-05-01] (Nitro PDF Software)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-11-12] (The OpenVPN Project)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-12] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-07-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 17:07 - 2015-09-12 17:07 - 00018653 _____ C:\Users\Monica\Desktop\FRST.txt
2015-09-12 17:01 - 2015-09-12 17:01 - 00000976 _____ C:\Users\Monica\Desktop\JRT.txt
2015-09-12 16:54 - 2015-09-12 16:54 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-12 16:52 - 2015-09-12 16:52 - 00001495 _____ C:\Users\Monica\Desktop\AdwCleaner[C2].txt
2015-09-12 16:36 - 2015-09-12 16:36 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Monica\Desktop\JRT_7600.exe
2015-09-12 16:35 - 2015-09-12 16:35 - 01660416 _____ C:\Users\Monica\Desktop\AdwCleaner_5.007.exe
2015-09-12 10:48 - 2015-09-12 10:48 - 00005143 _____ C:\Users\Monica\Desktop\SISTEMA_ODS.LOG
2015-09-12 10:48 - 2015-09-12 10:48 - 00002019 _____ C:\Users\Monica\Desktop\Monica_ODS.LOG
2015-09-12 10:48 - 2015-09-12 10:48 - 00001019 _____ C:\Users\Monica\Desktop\OAS.LOG
2015-09-12 10:40 - 2015-09-12 10:40 - 00002855 _____ C:\Users\Monica\Desktop\MWB20150912.txt
2015-09-12 10:39 - 2015-09-12 10:39 - 00005822 _____ C:\Users\Monica\Desktop\MWB201505.txt
2015-09-12 09:55 - 2015-09-12 09:55 - 00007508 _____ C:\Users\Monica\Desktop\gmer20150912.log
2015-09-12 09:49 - 2015-09-12 09:49 - 00380416 _____ C:\Users\Monica\Desktop\Gmer-19357.exe
2015-09-12 09:45 - 2015-09-12 09:45 - 00000474 _____ C:\Users\Monica\Desktop\defogger_disable.log
2015-09-12 09:45 - 2015-09-12 09:45 - 00000000 _____ C:\Users\Monica\defogger_reenable
2015-09-12 09:44 - 2015-09-12 09:44 - 00050477 _____ C:\Users\Monica\Desktop\Defogger.exe
2015-09-12 09:32 - 2015-09-12 09:34 - 00060640 _____ C:\Users\Monica\Desktop\Addition1.txt
2015-09-12 09:30 - 2015-09-12 09:34 - 00041285 _____ C:\Users\Monica\Desktop\FRST1.txt
2015-09-12 09:29 - 2015-09-12 17:07 - 00000000 ____D C:\FRST
2015-09-12 09:29 - 2015-09-12 09:29 - 02190848 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
2015-09-11 07:46 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-11 07:46 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-11 07:46 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-11 07:46 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-11 07:46 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-11 07:46 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-11 07:46 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-11 07:46 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-11 07:46 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-11 07:46 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-11 07:46 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-11 07:46 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-11 07:46 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-11 07:45 - 2015-07-13 16:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-11 07:45 - 2015-07-10 16:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-10 21:49 - 2015-09-10 21:49 - 00330240 _____ C:\Users\Monica\Downloads\TP4 present simple.ppt
2015-09-09 07:38 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 07:38 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 07:38 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 07:38 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 07:37 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 07:37 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 07:36 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 07:36 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 07:36 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 07:36 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 07:36 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 07:36 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 07:36 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 07:36 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 07:36 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 07:36 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 07:36 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 07:36 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 07:36 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 07:35 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 07:35 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 07:35 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 07:35 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 07:35 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 07:35 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 07:35 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 07:35 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-08-27 19:18 - 2015-08-27 19:18 - 01734144 _____ C:\Users\Monica\Downloads\lesson3.ppt
2015-08-27 16:31 - 2015-09-12 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-20 20:42 - 2015-08-20 20:44 - 27555912 _____ C:\Users\Monica\Downloads\Luxury Lifestyle.avi
2015-08-19 04:52 - 2015-08-19 04:52 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-08-19 04:52 - 2015-08-19 04:52 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-08-13 22:50 - 2015-08-13 22:50 - 01279488 _____ C:\Users\Monica\Downloads\Quiz pronouns possessive.xls
2015-08-13 22:50 - 2015-08-13 22:50 - 00389632 _____ C:\Users\Monica\Downloads\regrets.pps
2015-08-13 22:49 - 2015-08-13 22:49 - 02560000 _____ C:\Users\Monica\Downloads\L1 pronouns.ppt
2015-08-13 22:49 - 2015-08-13 22:49 - 02560000 _____ C:\Users\Monica\Downloads\L1 pronouns.pps
2015-08-13 12:14 - 2015-07-30 11:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 12:14 - 2015-07-30 10:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 10:02 - 2015-08-13 10:04 - 00000000 ____D C:\backup SONY 4GB
2015-08-13 09:24 - 2015-06-11 17:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-13 09:24 - 2015-06-11 17:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-13 09:23 - 2015-06-12 14:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-13 09:23 - 2015-06-12 13:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 09:22 - 2015-07-28 20:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 09:22 - 2015-07-28 11:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 09:20 - 2015-07-07 06:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-13 09:20 - 2015-07-07 06:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-13 09:20 - 2015-07-07 06:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-13 09:19 - 2015-07-14 18:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-13 09:19 - 2015-07-14 18:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-13 09:19 - 2015-07-14 18:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 10:36 - 2014-02-05 19:33 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 04:34 - 2014-02-05 19:33 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-09-12 17:05 - 2014-02-05 19:03 - 01350278 _____ C:\Windows\WindowsUpdate.log
2015-09-12 17:04 - 2014-07-02 17:10 - 00000000 __RDO C:\Users\Monica\SkyDrive
2015-09-12 17:01 - 2014-07-02 21:26 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-12 17:00 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-12 16:55 - 2014-07-02 17:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3792598364-1687661706-653696805-1001
2015-09-12 16:50 - 2015-05-07 20:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-12 16:50 - 2014-11-12 18:11 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 16:50 - 2013-08-22 11:46 - 00032765 _____ C:\Windows\setupact.log
2015-09-12 16:50 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 16:49 - 2013-11-01 08:23 - 00875634 _____ C:\Windows\PFRO.log
2015-09-12 16:47 - 2015-04-28 14:43 - 00000000 ____D C:\AdwCleaner
2015-09-12 14:54 - 2014-07-02 19:15 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A32C733-5B5E-4645-84DD-67B52D44E8A1}
2015-09-12 10:29 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-12 10:00 - 2014-11-12 18:11 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-12 10:00 - 2014-11-12 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-12 10:00 - 2014-11-12 18:11 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-12 09:45 - 2014-07-02 17:06 - 00000000 ____D C:\Users\Monica
2015-09-12 09:23 - 2014-02-06 00:45 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2015-09-12 09:23 - 2014-02-06 00:45 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2015-09-12 09:23 - 2013-11-01 08:36 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 09:17 - 2013-08-22 11:44 - 00362728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 09:15 - 2014-07-05 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-12 09:12 - 2013-08-22 16:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 09:12 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-12 09:11 - 2014-07-02 18:10 - 00000000 ____D C:\Windows\system32\MRT
2015-09-12 09:02 - 2015-07-31 10:18 - 00024145 _____ C:\Users\Monica\Documents\promotoria.odt
2015-09-11 11:49 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-11 11:08 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-11 06:01 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-10 21:53 - 2014-07-20 08:02 - 00309248 ___SH C:\Users\Monica\Downloads\Thumbs.db
2015-09-09 07:15 - 2014-07-02 23:18 - 00000000 ____D C:\Users\Monica\AppData\Local\CrashDumps
2015-09-08 08:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-09-05 05:37 - 2014-09-10 14:33 - 00553984 ___SH C:\Users\Monica\Documents\Thumbs.db
2015-08-26 18:37 - 2014-07-02 18:10 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 17:18 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-19 04:52 - 2013-11-01 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-19 04:46 - 2014-07-02 17:09 - 00000000 ____D C:\Users\Monica\AppData\Local\clear.fi
2015-08-17 10:25 - 2014-12-13 11:18 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-17 10:25 - 2014-07-10 11:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2014-11-26 17:39 - 2014-11-26 17:42 - 30896010 _____ () C:\Program Files\Passware Kit PRO.zip
2014-04-22 09:03 - 2014-04-22 09:03 - 123392946 _____ () C:\Program Files (x86)\openoffice1.cab
2014-04-22 09:01 - 2014-04-22 09:01 - 2310144 _____ () C:\Program Files (x86)\openoffice410.msi
2014-04-22 09:01 - 2014-04-22 09:01 - 0476160 _____ () C:\Program Files (x86)\setup.exe
2014-04-22 09:01 - 2014-04-22 09:01 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2014-07-05 17:23 - 2014-07-05 17:23 - 0000266 _____ () C:\Users\Monica\AppData\Local\alwju.bat
2014-07-05 17:21 - 2014-07-05 17:21 - 0000266 _____ () C:\Users\Monica\AppData\Local\bncpb.bat
2014-07-05 17:18 - 2014-07-05 17:18 - 0000266 _____ () C:\Users\Monica\AppData\Local\ikuwyceg.bat
2014-07-05 17:25 - 2014-07-05 17:25 - 0000266 _____ () C:\Users\Monica\AppData\Local\isnpkup.bat
2014-07-05 17:31 - 2014-07-05 17:31 - 0000266 _____ () C:\Users\Monica\AppData\Local\lindinsi.bat
2014-07-05 17:27 - 2014-07-05 17:27 - 0000266 _____ () C:\Users\Monica\AppData\Local\timyfs.bat
2014-07-05 17:29 - 2014-07-05 17:29 - 0000266 _____ () C:\Users\Monica\AppData\Local\tyeljw.bat
2014-02-05 19:33 - 2014-02-05 19:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\8EDA.exe
C:\Users\Monica\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgffirz.dll
C:\Users\Monica\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Monica\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Monica\AppData\Local\Temp\octC2DF.tmp.exe
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 07:33

==================== End of FRST.txt ============================
         
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Monica (2015-09-12 17:08:33)
Running from C:\Users\Monica\Desktop
Windows 8.1 Single Language (X64) (2014-07-02 20:07:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3792598364-1687661706-653696805-500 - Administrator - Disabled)
Convidado (S-1-5-21-3792598364-1687661706-653696805-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3792598364-1687661706-653696805-1003 - Limited - Enabled)
Monica (S-1-5-21-3792598364-1687661706-653696805-1001 - Administrator - Enabled) => C:\Users\Monica

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivírus e antispyware da McAfee  (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivírus e antispyware da McAfee  (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Ferramentas do Visual Studio 2005 para Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.115 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nitro Reader 3 (HKLM\...\{E5660852-CBDA-4C17-9475-C0C0E5A4CFB4}) (Version: 3.5.3.14 - Nitro)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-08-2015 17:36:08 Windows Update
31-08-2015 07:12:32 Windows Update
08-09-2015 15:27:34 Ponto de Verificação Agendado
12-09-2015 09:06:37 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2015-08-11 14:54 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1	mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11 -> No File <==== ATTENTION
Task: {10F98876-4BA0-4BA8-9E98-B7F46BDAD16F} - System32\Tasks\lindinsi => C:\Users\Monica\AppData\Local\lindinsi.bat [2014-07-05] ()
Task: {190DC44D-8E22-45F9-A675-5D78CA06A748} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user -> No File <==== ATTENTION
Task: {202B0A4E-918B-4043-93A7-D81700F16E24} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-08-13] (Acer)
Task: {2BF73531-0812-442F-9C20-298864C2A821} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {2EA1FE73-FE03-4AF7-97F8-A58AB7D291F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {335486A0-07A8-44F5-A129-987F88214A7D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {3C7020F0-4BDB-4AA4-B34C-808F90E2F5E7} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {3F365E5C-C7BB-40F1-B0A1-6549DCE46748} - System32\Tasks\ikuwyceg => C:\Users\Monica\AppData\Local\ikuwyceg.bat [2014-07-05] ()
Task: {57493D84-9C8E-4615-9641-B22D812C6F75} - System32\Tasks\isnpkup => C:\Users\Monica\AppData\Local\isnpkup.bat [2014-07-05] ()
Task: {5BACF658-2447-4EE9-BD6B-67A1EF12175A} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5 -> No File <==== ATTENTION
Task: {5E558A77-EABC-48A8-907C-A2856FA13AA3} - System32\Tasks\timyfs => C:\Users\Monica\AppData\Local\timyfs.bat [2014-07-05] ()
Task: {646B7114-B6C8-4ED3-BF80-743BA8FDB6FD} - System32\Tasks\tyeljw => C:\Users\Monica\AppData\Local\tyeljw.bat [2014-07-05] ()
Task: {65C76B99-C017-47DD-AAC9-1E3C75D833A9} - System32\Tasks\alwju => C:\Users\Monica\AppData\Local\alwju.bat [2014-07-05] ()
Task: {70FDF72B-6D2F-4B0E-8BFF-03C2957AD54A} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {7124E938-5E16-4442-B98D-EC5187990663} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {72D0B9F4-8143-4B6F-87C3-D306AF544271} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {75412B3F-992A-4759-9CB7-64225A7FB2BD} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1 -> No File <==== ATTENTION
Task: {8831CF92-CBD4-45E3-A388-BA52CCB27FC4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {98D21829-3B98-48A1-894F-6A625F8CCFC3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9BD3C0E8-3784-4E29-BF6B-77845CB8110D} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2 -> No File <==== ATTENTION
Task: {A1775910-CDE8-43B3-9ED4-203C04B24E14} - System32\Tasks\bncpb => C:\Users\Monica\AppData\Local\bncpb.bat [2014-07-05] ()
Task: {A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3 -> No File <==== ATTENTION
Task: {C16458BF-446D-469A-83E4-AB0E7F682EF5} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4 -> No File <==== ATTENTION
Task: {D3DFA619-5149-4796-AC2D-BF89A73E4E9A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {E5B91C5B-4900-4DB1-8BE0-51E7B7AB1DC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {E8CFD0D5-62DF-4B73-B28B-6925F60E0925} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3792598364-1687661706-653696805-1001Core.job => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-02-05 19:26 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Monica\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Processo Anarilda Wellington.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3792598364-1687661706-653696805-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{868B7A9A-3771-488A-953B-F26B35463F52}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A6AAD695-9D85-43D8-8EF1-840D0D7225E8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D424EB46-FD6A-42B8-BF84-BAE5582EB53B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{878298F0-B10E-41D2-B924-10795C559E21}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A95C9EAB-BCAF-487E-A78E-91A41FF59D77}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5A01F964-4C54-4E28-A134-8B7737552A6C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5EB92DF1-D48E-476E-96D6-9EF4B001E2CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{2882398B-6DF1-48C4-AD47-B83295F56AA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FFC1E2C4-C418-46D0-A9A6-704C2392E609}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{6DDB21F3-ADF3-4784-8261-85C4EDA81B72}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{AFAB4A6E-22ED-48DD-86FE-5BD3DDA901D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{63611343-3981-4AB1-8B24-BD730C4B4616}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{638023C5-0CE1-460B-8E2B-27E1323D5745}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7B8F9CDC-8B63-46E8-8B9C-9B41C5F71BCE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F61E21B8-A811-4390-8C48-F76709C647B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{32CB50FA-5ECE-4CE2-809A-62EEAD42AD73}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{D26B9193-3F07-4625-8CEA-AE17F9E69ABB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7F4E1D66-B2BB-4F19-AC59-0A323EE6CDA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6A840E65-DA1B-429A-AF4F-73BE8B951184}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{271879EF-7A48-4758-BC5F-538D9F33B421}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{A875F548-50CF-42D6-BC9C-E20F305F33B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B5E3560E-AD87-44E5-959D-792E2648C3F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0A663979-5B49-4EB1-9654-114059C55B1D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{4B3D8C37-3C44-43BD-9BF5-BD7436DDC9C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2FA47325-1091-4631-949D-6C9E8250C8DC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7F7C622A-1DA4-4592-AB73-BF3AE172A9C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{264CADAA-C8EB-4F77-8D5B-594862727558}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{056F5CE8-5D3B-4A98-8598-860442AF70D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2CF087A2-0A94-4B1F-BF9E-E981076CF396}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{881BD0AC-6A1A-4B2A-BFB0-F082B355D0A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{0222F0C9-A388-4D48-9915-50C5FCCB1142}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{C2251342-C52A-4761-943B-C3F3754AA2BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{2CAD4F62-82BD-4EA4-AF23-3F27A35C56E0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{D170B7FF-9CB2-40AE-ADFE-12DAFF0D6B0F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{A2C5235E-F22F-440B-83BA-4904F19D3E6A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{3A3BA756-49D5-4155-ABA4-294F4B07B8DB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5B123DF9-9854-452A-9373-637B53F5C6A5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{FAB3BB80-2F01-4864-9FC1-AFD08D68C346}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{97AEFD6C-C061-4DC0-B147-0337EA7112B6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{3016371D-2ED5-44FE-BF84-004194B3F1BA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8E4DA2B1-732A-424C-97BD-35EF3D105D5E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F5D63344-8AD3-4DED-A560-E2D440E6DFF2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{1FAEED5E-6B1F-4F0F-A11E-BCE5B072BC4D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F676DF36-0BDF-4856-B392-1F6A6306A90B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{4EC186E5-B7C0-4F15-BC32-C651A7A227AB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F4D1FF55-E8CA-41D6-86D6-A6EF82A19AC9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{9E74EFCD-9DFA-4F18-BF63-D1FFD2C71BE6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2279D5BE-86C8-4937-A4A0-9BAC04524933}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C6CC19CE-1B50-436B-B62E-7726F68F04EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CF1E157F-3F22-4462-8C4D-D3AB28319EFC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{6F4A818D-11AC-4593-BE86-CD9E64036F6F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{AD378EB5-2202-4560-9DBF-BE2235558B64}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8389B775-3C41-47F4-BFF9-990CC3A4A27F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{22F5B9FD-CE76-457B-A7E7-0496E8A080FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06F4BBC1-CB61-4B40-B1A7-D194A99EE9C6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0700FB97-8510-4857-A77D-0FF68F36D201}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1C8272E6-B760-4020-A911-A4225A882F08}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2CB13FF8-B673-44D5-9024-6FE67FC564E2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ACD2B40B-E57F-434A-AC4B-380600317282}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7A22DA6B-9407-4BB2-A534-2E62B3333879}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8FB30E29-BE65-442D-A164-C99A40612211}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{93241890-2DF0-445D-B4FA-4D271080442F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{038E517A-F8C2-470B-B57D-3A67ED609DD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{444045C5-0F26-48C0-90FE-A678CAD420FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2683B2DC-283B-4E09-856A-1DF0CFB54C0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B5C97B80-385A-4971-9BBA-50A2A50A5070}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3D7D96BA-3AA9-4A42-972F-CBD7D0CCCA96}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8234C44A-6F09-4519-B0BF-F57B46BE901E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9770236A-BBB4-449A-A3AC-543E9E723327}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6972A28D-638B-4845-B421-D43C05E704E9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91D29E93-0FCC-422E-99DA-A79140AE1667}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{886C925C-7B24-4A60-BD0E-EEDB00A68225}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{8D6295D0-7866-4DFA-A082-CA65672C83E7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{7D2507BC-57AB-463B-89F1-03C38F0873FB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{57BFAAEA-4599-4C09-A63D-973848853C49}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F100F530-C53E-42F0-90E2-0A00FE65B221}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{685E26CF-218D-4DAE-8FC4-E00A50FFCDDC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{CF53BECB-D4BE-44C9-9591-3ACC9D266C14}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{5ED27DD8-EEA6-4F8D-AD5C-922D2BFF0EBE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D370543C-6A16-44D1-8B83-1E728FC7A876}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{612263E9-0C35-426F-8083-D1ED98DAF474}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2C80D9B6-D082-4612-99CA-5DD1B8E6DFC1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{B3A3E02C-117C-4FCF-B66D-6C5ADB6173EE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E78972D7-698C-4FF9-B87A-8749A733DC17}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FF7E2908-103A-4E7D-8763-6941211D8D12}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F2530216-9564-4763-A2F4-3537C299A6F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{04FB3D35-2674-47B4-BE20-BD5B46B49E50}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{614F8E57-FE70-4652-B4E3-2C0F6CDF5739}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{82E064D5-5985-46B1-9995-D310F28E8076}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8FCAFA1A-BE1D-4F93-8FB8-C4EF2208262B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4716CF87-62DD-4E66-9F84-3A1252EEF3E6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F00DC467-E3CE-484D-B87A-BDA039004679}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F0EEBE2B-9CFF-4337-865E-164A9A4FC8D6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FBB3B59A-13F5-4C37-BAAA-31BD77C39EDE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F5A9BDA5-972F-4680-9A57-C6C7E5BEF745}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ED219CD8-B7F4-46B3-800F-55977BE9C13D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{BA2904AB-57F3-49BB-BA1E-4C238121F382}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{160DB14B-29FA-4EB2-A46D-FF04AA303BA3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CEFA2315-3CC7-46B4-BFCF-FF59B24E2844}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EECC0A66-53B6-4BCD-9EDE-C0E6AB6058DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4BEE438A-6861-493F-8737-3E59DC612532}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A5F84365-CD3A-4345-BE30-964F9895C84A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9003A799-4235-4EC3-A690-BAF8ABA96904}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{39E9D626-5AC1-4CF7-8827-B513DFE1BD92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DE91CDFA-135E-40E5-B749-5DDD1F1F1C57}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{29EB3C1B-5984-409F-AA31-EB7CCC6E7C3E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B959876-CCEC-483D-9D0B-99C554E8EEA7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ADDC36D1-3BC3-4331-B203-79FF78B41363}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C4E85C84-3E6B-4A46-BCB2-390C7A2C693D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{15A450DC-F5F0-445B-922D-37178C84A1F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{00739B69-4133-4732-BC0B-B69FEA83A3AC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1AB3ADFD-6866-4A29-835F-5C0D6FBE82D9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{46C7447C-39F5-4287-8107-994462357174}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{68C09A72-EA71-4620-8AB9-9CF7B97163EB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D886B5EA-451F-4801-9519-16EF06E75BDF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{45EA03A1-39C3-4083-B316-6EC6C07AC412}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D39A378B-4A54-48DB-B41D-C334F9AB5EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1980E542-94C0-4EAE-9CC9-0A871EF578D4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1D9E7D51-8AA8-4A8D-99FA-A62E1F7223A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{234B63DB-8DED-4871-98A9-5FB35E8AB5D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{843BD66B-380A-46C3-BFAC-FA82DA339C93}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CBF13F81-8203-4E17-A9B3-C14F75432A12}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6E2A65D0-A024-4CDA-850A-B28669B99A19}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{98C1FBFA-5169-457C-8EE7-387A8575C8BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FD41A76-F6B7-4767-98D4-5914EFB66306}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{34048F8F-F478-4A74-9718-FF1610241DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{57654119-2702-465E-80E5-4CB43E65B70C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EAAA15AE-9E70-444F-B269-9759106964B7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{92C29F6D-B7B9-4963-9688-2D4A4B8E91B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BF909D9A-7318-409B-A9E0-96251AE4F4EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{25165BEB-8831-44AE-94F7-04E63AC557BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FF89E06-E3D8-4F4C-9D22-178FB064230E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D17D0F0C-1682-4110-A155-5A41DF9ED29A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9EBFAC6F-0CAF-48CA-AA97-333D7C2D4938}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CA0E8A63-E719-4752-A9E4-71A15DDE947D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{104DD35D-B51D-4BAA-9726-B9A39C127331}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7EB9F81C-B115-4A0E-A40B-E581A2B5B5E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4EDF515A-50B7-42B9-95D4-91A2CACEF970}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{060CCC52-5D31-423F-97EE-DD1F50DB9207}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F85AAB0A-23D6-4211-9191-F53D285943FF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{24FF1F92-A5F3-47C3-B4E6-BED468492F7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1D00E5ED-E5A7-486F-94F7-ED0ED89A602A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{189B56B7-4FE7-47A9-B931-172C20521781}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CDD4EB2E-1A13-479C-83C7-C1D8C99F7189}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A9EC8D8E-C19F-4783-A150-A89730851788}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAB33BC2-FD46-4C71-A5D2-010F0B2BA551}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7F13B5D7-4FB2-436E-93C3-73080A7DE93A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{FC533484-050E-4C32-BEDB-0F4741192172}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7A113C14-FB2D-48FA-A939-7DE943C919FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{905D5849-95E3-42BC-9617-DC9FF9A50361}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8D9A61CD-8E78-4300-9FC3-5F27A6A610B0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{833BAB7B-BC2C-4F06-8D63-6A8712537300}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7287617E-667D-4D36-B663-B1F99E419489}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{94070D7F-AE25-461D-AE0A-1F209B3B5DE4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C8BC8BD8-D798-4AD8-9D34-60FBBA0D0179}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9D15EA70-380E-4686-AC9B-1AD9BD4B2419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{18073016-80E2-42EA-B85B-466A210E6D03}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1F4A9B5D-FB01-4BC5-B8B6-0FC292D7A05B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1A150557-92DC-46F6-A8F2-A85DB8CD3879}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F5087AF7-073B-472C-AF75-C9E8C7C60801}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F9268F4C-9F01-4B47-B0CE-1A1A88C6DEBD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D33E1BA3-22DD-4091-B2AF-30E43D08B846}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1191310D-F2CF-427D-9870-C7843DB84195}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{87875759-C885-402D-BF81-9F6A74572B7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FE9765C-D2FF-4818-A281-B9C1826EA8DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1243B007-30CB-4DA1-A6D4-147A1AA6C82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B018C30F-5165-463B-B243-062D2D205A69}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C45897A4-9942-4F52-B946-6E033E94FC3B}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C2A47498-54C7-44ED-A478-9BC724B68C08}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4777003E-414E-4417-ADBA-8600DF122FFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8104A464-0F0B-4E34-98F5-C44CF0708000}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9CE2C813-1630-47B7-8514-6AAF28450A2B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A1F121C8-0EAB-4CE7-AFBA-0234F9ADD152}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9389FCD-1666-45C1-B1F1-3A75C359C72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1400EEFF-93A1-461E-BB5A-9F615925EF43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E8411286-9287-4B14-A007-8928409C6DE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{00ACE80B-B41E-40EA-A5AB-63DC18D9D38D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BB3EE62A-E19E-48A3-82E7-1822EF4DDA23}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FF337B5E-C496-4CF2-8DDD-42BEEB2C676E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{539AE13C-2A09-4D31-8435-03796A5EFFBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{02725209-B52B-4FD8-95B7-F47EBB74C4FA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E76BB129-CB61-4859-9D98-39117ED1CBA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85A069C5-6126-4EAA-ACFD-F71E85E982D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{228056C2-F0F7-4FCF-95CC-E5600DC1EEBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E46781D7-673C-458F-B0CD-8CF7E28F8E27}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ADF5616A-5CAC-4D48-B810-18E8DD5CDAB5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AF70E296-0309-4620-B0F5-08AF6BED84C2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7CCE9F97-6071-4615-B7BF-7BAFAFA41EB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DAF19E82-8327-4CDF-BEFD-D7B1FCC1A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1CB80860-C3B8-416F-98BF-9FFBE1C8686F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0151F974-6D55-4DC9-9913-57A9CBB8DA16}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C58C7261-76D6-4702-90F7-5F0B1AA00EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35BA0E5E-7F9B-45AC-B373-7B014348F88E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9AEB76F9-80A0-40CA-BC6C-5CD90484EF08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5EABFAD5-DA21-4E2B-88CE-174E2664F3E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8E9E513A-1E8F-4E19-A64B-4849F1D1DA13}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C9CB7D8F-F87D-443D-9D50-BCA7CF29B428}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{48CE8CCC-8D73-456D-8FDE-9C34A2935419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0B58342A-456E-4A41-91B6-18E808C9CAC8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9E5B267-FD06-40FB-BF26-EDA91EE15C0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5F3698CC-1BEF-4E1E-BEDD-31601C2D4A49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DAF5F63E-024F-42C7-A6BA-1855AAD76394}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5B81A66D-8964-4375-B2B3-C6B952714502}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{51A141CB-9FB1-4E57-9F47-E8D6215A6288}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B5C90E7-C17B-4E37-81B4-DB1F777C331D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B1176B39-D0DC-43A9-8656-AF74E50F6B24}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F3AF57C1-D0DD-471B-BA62-374B1810C984}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{978766D4-FB84-47B9-AEAF-686AC264DA75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2015 04:52:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)
Description: There was an error with the Windows Location Provider database

Error: (09/12/2015 02:20:44 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: AUTORIDADE NT)
Description: There was an error communicating to the Orion inference server

Error: (09/12/2015 02:20:44 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: AUTORIDADE NT)
Description: There was an error communicating to the Orion inference server

Error: (09/12/2015 11:21:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1740

Hora de Início: 01d0ed65a1ace893

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 98e212a7-5959-11e5-82ae-201a0657a1d6

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/12/2015 10:51:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1828

Hora de Início: 01d0ed6170ced05f

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 682b34c1-5955-11e5-82ae-201a0657a1d6

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/12/2015 08:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: plugin-container.exe, versão: 40.0.3.5716, carimbo de data/hora: 0x55ddb213
Nome do módulo com falha: mozglue.dll, versão: 40.0.3.5716, carimbo de data/hora: 0x55dda062
Código de exceção: 0x80000003
Deslocamento da falha: 0x0000e250
ID do processo com falha: 0x2174
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
Caminho do módulo com falha: plugin-container.exe2
ID do Relatório: plugin-container.exe3
Nome completo do pacote com falha: plugin-container.exe4
ID do aplicativo relativo ao pacote com falha: plugin-container.exe5

Error: (09/11/2015 11:47:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 2fa8

Hora de Início: 01d0ec9ff7df1d49

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: eeff97cf-5893-11e5-82ac-201a0657a1d6

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/11/2015 10:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x27c4
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5

Error: (09/11/2015 09:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x2838
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5

Error: (09/11/2015 06:19:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (09/12/2015 04:58:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (09/12/2015 04:58:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Nero Update foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Dynamic Application Loader Host Interface Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço GamesAppIntegrationService foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço ePower Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço NitroPDFReaderDriverCreatorReadSpool3 foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço McAfee SiteAdvisor Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço MBAMService foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço MBAMScheduler foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/12/2015 04:58:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Intel(R) Capability Licensing Service Interface foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.


Microsoft Office:
=========================
Error: (09/12/2015 04:52:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)
Description: -2147024883

Error: (09/12/2015 02:20:44 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: AUTORIDADE NT)
Description: -2143485936

Error: (09/12/2015 02:20:44 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: AUTORIDADE NT)
Description: -2143485936

Error: (09/12/2015 11:21:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911174001d0ed65a1ace8934294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe98e212a7-5959-11e5-82ae-201a0657a1d6microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/12/2015 10:51:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911182801d0ed6170ced05f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe682b34c1-5955-11e5-82ae-201a0657a1d6microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/12/2015 08:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e250217401d0e89e4d0c1ce4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllfc8d60c0-5944-11e5-82ac-201a0657a1d6

Error: (09/11/2015 11:47:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209112fa801d0ec9ff7df1d494294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exeeeff97cf-5893-11e5-82ac-201a0657a1d6microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/11/2015 10:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f128027c401d0ec9264f4d8c2c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dlld3e9bbf6-5885-11e5-82ac-201a0657a1d6

Error: (09/11/2015 09:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f1280283801d0ec8e0c5a180cc:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dll5f5c1815-5881-11e5-82ac-201a0657a1d6

Error: (09/11/2015 06:19:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3976.27 MB
Available physical RAM: 2203.46 MB
Total Virtual: 6280.27 MB
Available Virtual: 4530.57 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.69 GB) (Free:401.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3FB2AF5E)

Partition: GPT.

==================== End of Addition.txt ============================
         
--- --- ---



Jetzt gibt es nur noch nach jedem Click und nach Oeffnen einer Webseite ein Pop-up ohne Inhalt, das weggeklickt werden muss. Immer noch nicht schoen, wenn auch besser als vorher.

Gruss,
Carsten
__________________

Alt 13.09.2015, 10:40   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.09.2015, 19:20   #5
cybercarsten
 
Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Hi!
So, habe alles erledigt. Soweit ich es bis jetzt festgestellen konnte, kommen keine unerwuenschten Pop-ups mehr, nur die normalen ads auf den Webseiten. Ist es sicher, die add-ons 'ad-blocker' und 'pop-up-blocker' fuer Firefox wieder zu installieren?

Hier die Logfiles:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d693e120ac0b564ea02d90d22fa29cd1
# end=init
# utc_time=2015-09-13 01:59:09
# local_time=2015-09-13 10:59:09 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 25738
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d693e120ac0b564ea02d90d22fa29cd1
# end=updated
# utc_time=2015-09-13 02:06:55
# local_time=2015-09-13 11:06:55 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d693e120ac0b564ea02d90d22fa29cd1
# engine=25738
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-13 04:23:07
# local_time=2015-09-13 01:23:07 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='*McAfee*'
# compatibility_mode=5133 16777213 100 100 1946243 28465793 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1425465 26337728 0 0
# scanned=219989
# found=69
# cleaned=0
# scan_time=8171
sh=E468F8A3C51102D192CD75D058D9CF8599F8059B ft=1 fh=7a9473f21ce4c1d3 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3792598364-1687661706-653696805-1001\$RFA9QNI.exe"
sh=CCBEFE915764DF74B22180763E01A3DC6D94AAA5 ft=1 fh=3440d8520b886f10 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\bugreport.exe.vir"
sh=0C81C8D005E87E2526FB4041FE7E0F877095EF54 ft=1 fh=cd626c4c615852c7 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\feedback.exe.vir"
sh=76D6F32027B352A453E0B5DBD87C0EE9B62E66D2 ft=1 fh=b570671dabb97927 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iCommu.dll.vir"
sh=314DF67BCBE9C22BC856FF0D58B7E636EE00854A ft=1 fh=1f440b59142982aa vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iImportLib.dll.vir"
sh=74FCB2EC5D24AD817DB1B20D946812C0ED929F3D ft=1 fh=da2cf87b9d9b8014 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\ipcdl.exe.vir"
sh=7FA267D6817DDBF6B6B2E35C9D0F02B6A5F7D16B ft=1 fh=19c3129c503d9a17 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\ipcproxy.dll.vir"
sh=32E56208A066B113C21C1F060C2111C6BD71C936 ft=1 fh=eaca51ffa00d146b vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafe.exe.vir"
sh=2490F1F264100888646900515BFD8D6ACA634606 ft=1 fh=42e3517fad1057bc vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafeadfv.dll.vir"
sh=6FB0EC7FA39A92C8EF1542CAC0D8C5775FCAC340 ft=1 fh=8935d346c8a5fe9c vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeAdless.dll.vir"
sh=0C727CF441716E505CA96DC4D1A61811517AA9A1 ft=1 fh=23f0d7914b339092 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafebase.dll.vir"
sh=9EABF427C74B37FA22B9EA4FFBF04FF102DC237C ft=1 fh=5a293c0901b4c651 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeBugReport.exe.vir"
sh=EEAD6DD4BF535072EE73ECFFD8F9574254913C40 ft=1 fh=ca2df0912d2ad25d vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeCheckEngine.dll.vir"
sh=3DCA2A0108AE93E6B0331285141F30A4097C8DCC ft=1 fh=f5263e0b03cb6848 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafeclc.dll.vir"
sh=13A32E2FD04D2E21D7644FF713692BD4BB83B850 ft=1 fh=327a38da514e5b9c vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafeclcv.dll.vir"
sh=91BF86AD63A6BE08996B6C5F6343EDC4E9ED2FCD ft=1 fh=8787b1974d6ad007 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeDisp.dll.vir"
sh=7A342B567988B17C7E8D2E6B60C314C1ACEEBB9B ft=1 fh=d3ea449d9a451ec2 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeEngineBase.dll.vir"
sh=2DEDC624046057FACFB2B9F466E30393E6F9765A ft=1 fh=62a5ef082736a3e6 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeEngineDisp.dll.vir"
sh=380FB3A9FC2AFDE61AF7B367618EE260C2337840 ft=1 fh=4c6552cfe09b1144 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafehrv.dll.vir"
sh=3198B62A439A53F8293FEAC3D7B0DF2E904E2671 ft=1 fh=b2871a10b2e1ca01 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys.vir"
sh=D63C382B9034253BBA4F193088C930123CDD1372 ft=1 fh=db9d956462aa229a vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeKrnlBoot.sys.vir"
sh=495532AA96E3981D1F5BEA5C424C07BF9AA608CB ft=1 fh=4584fd12757f282c vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall.dll.vir"
sh=909C38B7D2D14931746C3C56379A179085413858 ft=1 fh=7321105da68260bd vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll.vir"
sh=A06F63253EBCD0AB59FA0E65E6D494574E707100 ft=1 fh=92df9d58319d8813 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys.vir"
sh=1C84BB311B295732EB988936DBBC738906A5A836 ft=1 fh=6402e3906cb1f216 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys.vir"
sh=7A3A62F705B8343628BF35B1A4F1033A7AA1A5FF ft=1 fh=4073ab3f0c5235fc vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafemadwc.dll.vir"
sh=E1D63B7E7760D5949423FC9A160CB6017ED67A84 ft=1 fh=627cb73f8ee5d793 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafembp.dll.vir"
sh=9CA58975FC3C9A631D3A7601CCD985CD581EB526 ft=1 fh=6828c7b553b09edd vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafemc.dll.vir"
sh=5F24FE5197163B9F7B6775B68332C176A735A3F2 ft=1 fh=7bfdb9ce44a13484 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafemclv.dll.vir"
sh=13F4ECDFD5E9B6D453F5149540CAE0BCE4D154F7 ft=1 fh=60a9096bd1674c9d vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafemgc.dll.vir"
sh=B085F3B75859CB3B44474F4106B002ADB8381BC6 ft=1 fh=dfc6ab8219e880ba vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll.vir"
sh=9C0D68A62F1801437BE39284F06396DCB9EDD761 ft=1 fh=040cc569a52d7f29 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeMon64.dll.vir"
sh=70A35F09C813BDE1A058B6285ED63D3F51D41749 ft=1 fh=73bb8839097339fd vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafemoptv.dll.vir"
sh=49723270351B5796176E543A84F8C81370D9673F ft=1 fh=457096411e24cc59 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafemsmv.dll.vir"
sh=D7B150E231932E12CA36CF7212F2F394C0743138 ft=1 fh=77bb856e8f9c77ef vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafemvsv.dll.vir"
sh=B66F2DE66CAC50CF63E3C98F7F94442E99F8F9CB ft=1 fh=f1468668d09ad014 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys.vir"
sh=9E9D6D39D387D24282AC76B132923AC9F761A04D ft=1 fh=06684f23cc4f2f83 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafenpf.dll.vir"
sh=1913D3B72C7C5D5BCA1DCDC7E4761AE55BE7BD2C ft=1 fh=d9cb2167ef638276 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafepxy.dll.vir"
sh=838F6648E82222325803A371573BBE0FBA127817 ft=1 fh=774858ec215194a7 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll.vir"
sh=78A7352BAB40D5BD9EE30D42F2F0ACCD065C4AC4 ft=1 fh=ac58524e5e670b00 vn="Variante von Win32/ELEX.CR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isaferpt.dll.vir"
sh=7511A8143BDD1F30CDFB557B4EC57D1D0AAE63CF ft=1 fh=b835c478d73e47de vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafesmgr.dll.vir"
sh=21A1988AFC0421C21A0231E70D51C824C7A4A4C2 ft=1 fh=763e5c347b19335a vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafesopt.dll.vir"
sh=87A7BA181F52E8B030CB3AA85BF9F9749231B054 ft=1 fh=6881026f68ed4361 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafesptv.dll.vir"
sh=40BE1642BE2AE75B9C0E91F7BDC4D4695532C628 ft=1 fh=309ecf612dbb6a4e vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll.vir"
sh=73C544FB694E19D4BA7DA35389F1568AECBCD3AC ft=1 fh=b6047ef424b208d0 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafesv.dll.vir"
sh=5E29A0555FF4B7698F368127696073CDE5640C0E ft=1 fh=f356f4bbd41c164e vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeTHlp.exe.vir"
sh=7E927B7CF66CC71DA5B3279C822040DE0032E95A ft=1 fh=1ae30e5db43fc164 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeTHlp64.exe.vir"
sh=8B0A634D42E0AD2A563900539607F5AD760E6A59 ft=1 fh=650d856d2f2e0de5 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe.vir"
sh=DDC6B72078B33637921C9817E015BDBA28085615 ft=1 fh=a236cef92daaa011 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafeupbiz.dll.vir"
sh=BB74B0E7FA395240BC0389A5BA88E730911AFD52 ft=1 fh=4706c1f1113d87da vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeUpdate.exe.vir"
sh=E24FA928E74FCD11766B3B275F1CD35F718103B4 ft=1 fh=3a92103d0f5c1ae1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafevirup.dll.vir"
sh=1C7BFA6EF2ACFC464FAB55B9F264E10946893FC8 ft=1 fh=95bd67882ff93fe8 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeVirusScanner.exe.vir"
sh=2CFDC3F4ECEABDCDE1C3D6ABC8E03F4FDFD1141A ft=1 fh=4964674b31523722 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iStart.exe.vir"
sh=63AA23EF485646E48BB88445AF68593076F5DE17 ft=1 fh=34529334f5453ff1 vn="Variante von Win32/ELEX.CS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSvc.dll.vir"
sh=153628585B65086FFE5757AFE0EB93F02C1289F3 ft=1 fh=95cf30d806c45926 vn="Variante von Win32/ELEX.BX evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSvc2.dll.vir"
sh=7C0416943BF9ACBB336C913A811961B718BE4740 ft=1 fh=5bdc4434fb2d6a94 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iTPFeedback.dll.vir"
sh=F44EC5A65FFECE69809066F9C244AC76E2105A9E ft=1 fh=593947e9c4d5744d vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iTPFloaty.dll.vir"
sh=77C00908CCBA162D58359A1D8DB878EF4BD92E34 ft=1 fh=ebd5dfdd288a8bca vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iTpNodisturb.dll.vir"
sh=45A252D14E28E5DF329F471E29D99EC5B7743D59 ft=1 fh=5105ac6dcb9ab59b vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iTPProtect.dll.vir"
sh=D9FB8E508D2A1ECEEC52C5A005819CE3B501874A ft=1 fh=948dc605e240342c vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iTPStartupAssist.dll.vir"
sh=808037E1CE5197AA731AC66BD16F4277AA15DCFF ft=1 fh=b18c16ed5874bc36 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iTPVirus.dll.vir"
sh=BB51A0DC79D30DA761CDD3CF2722593383AED83A ft=1 fh=44b41abadadbb99f vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\libcurl.dll.vir"
sh=C5A8E93FAE4206F359C4F90E8D906B0D1E651803 ft=1 fh=139f273bdf073a4b vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\libeay32.dll.vir"
sh=46EF4ABB3CFB6218629AF5EC34ED3BBEA7862F2C ft=1 fh=1c4e3818c2de3b77 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\sqlite3x64.dll.vir"
sh=64DD0DAD3913748A45C52B27883A00BBC1F7B812 ft=1 fh=4963272827b4a097 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\ssleay32.dll.vir"
sh=7CEA7CB7653AEBEB8A4015269AEE59C54867EF20 ft=1 fh=b548ff4825f90d2e vn="Variante von Win32/ELEX.DB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\uninstall.exe.vir"
sh=1E327740B7A952737D3E7CF0BA3A4E65FBFA4ADB ft=1 fh=3f7be19e39705f9b vn="Win32/ELEX.CW evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\YacLuckySpin.exe.vir"
sh=B66F2DE66CAC50CF63E3C98F7F94442E99F8F9CB ft=1 fh=f1468668d09ad014 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\iSafeNetFilter.sys.vir"
sh=3519C13547DFDB32A7FB9549730077EC7A5AB06E ft=1 fh=9e0b256b26f4e60a vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Monica\AppData\Local\Temp\nspEA15.tmp"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender                    
Antiv¡rus e antispyware da McAfee   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	18.0.0.232  
 Mozilla Firefox (40.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 mcafee VirusScan mcods.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Monica (administrator) on MONICA (13-09-2015 13:57:34)
Running from C:\Users\Monica\Desktop
Loaded Profiles: Monica (Available Profiles: Monica)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Dropbox, Inc.) C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
() C:\Users\Monica\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Run: [Dropbox Update] => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{7B40D5F3-8CB1-4B0F-AF03-7785EE67636D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCA91B0F-7C70-41BA-A4FA-BAB10466C94F}: [DhcpNameServer] 89.248.166.149 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> DefaultScope {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-07] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\ts62p6ur.default-1442152038061
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-05-01] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-01]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-16] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-05-01] (Nitro PDF Software)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-11-12] (The OpenVPN Project)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-07-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 13:57 - 2015-09-13 13:58 - 00020936 _____ C:\Users\Monica\Desktop\FRST.txt
2015-09-13 13:56 - 2015-09-13 13:56 - 00000969 _____ C:\Users\Monica\Desktop\checkup.txt
2015-09-13 13:33 - 2015-09-13 13:34 - 00852704 _____ C:\Users\Monica\Desktop\SecurityCheck.exe
2015-09-13 10:59 - 2015-09-13 10:59 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-13 10:47 - 2015-09-13 10:47 - 00000000 ____D C:\Users\Monica\Desktop\Old Firefox Data
2015-09-13 10:44 - 2015-09-13 10:44 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 10:44 - 2015-09-13 10:44 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-13 10:44 - 2015-09-13 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-13 10:41 - 2015-09-13 10:41 - 00242600 _____ C:\Users\Monica\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-13 10:31 - 2015-09-13 10:31 - 00001284 _____ C:\Users\Monica\Desktop\Revo Uninstaller.lnk
2015-09-13 10:31 - 2015-09-13 10:31 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-09-13 10:29 - 2015-09-13 10:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monica\Desktop\revosetup95.exe
2015-09-13 10:24 - 2015-09-13 10:24 - 01193613 _____ C:\Users\Monica\Desktop\bookmarks-2015-09-13.json
2015-09-13 04:20 - 2015-09-13 04:20 - 00000996 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3792598364-1687661706-653696805-1001Core1d0edf4bd37c170.job
2015-09-12 17:08 - 2015-09-12 17:09 - 00059233 _____ C:\Users\Monica\Desktop\Addition2.txt
2015-09-12 17:07 - 2015-09-12 17:09 - 00040630 _____ C:\Users\Monica\Desktop\FRST2.txt
2015-09-12 17:01 - 2015-09-12 17:01 - 00000976 _____ C:\Users\Monica\Desktop\JRT.txt
2015-09-12 16:52 - 2015-09-12 16:52 - 00001495 _____ C:\Users\Monica\Desktop\AdwCleaner[C2].txt
2015-09-12 16:36 - 2015-09-12 16:36 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Monica\Desktop\JRT_7600.exe
2015-09-12 16:35 - 2015-09-12 16:35 - 01660416 _____ C:\Users\Monica\Desktop\AdwCleaner_5.007.exe
2015-09-12 10:48 - 2015-09-12 10:48 - 00005143 _____ C:\Users\Monica\Desktop\SISTEMA_ODS.LOG
2015-09-12 10:48 - 2015-09-12 10:48 - 00002019 _____ C:\Users\Monica\Desktop\Monica_ODS.LOG
2015-09-12 10:48 - 2015-09-12 10:48 - 00001019 _____ C:\Users\Monica\Desktop\OAS.LOG
2015-09-12 10:40 - 2015-09-12 10:40 - 00002855 _____ C:\Users\Monica\Desktop\MWB20150912.txt
2015-09-12 10:39 - 2015-09-12 10:39 - 00005822 _____ C:\Users\Monica\Desktop\MWB201505.txt
2015-09-12 09:55 - 2015-09-12 09:55 - 00007508 _____ C:\Users\Monica\Desktop\gmer20150912.log
2015-09-12 09:49 - 2015-09-12 09:49 - 00380416 _____ C:\Users\Monica\Desktop\Gmer-19357.exe
2015-09-12 09:45 - 2015-09-12 09:45 - 00000474 _____ C:\Users\Monica\Desktop\defogger_disable.log
2015-09-12 09:45 - 2015-09-12 09:45 - 00000000 _____ C:\Users\Monica\defogger_reenable
2015-09-12 09:44 - 2015-09-12 09:44 - 00050477 _____ C:\Users\Monica\Desktop\Defogger.exe
2015-09-12 09:32 - 2015-09-12 09:34 - 00060640 _____ C:\Users\Monica\Desktop\Addition1.txt
2015-09-12 09:30 - 2015-09-12 09:34 - 00041285 _____ C:\Users\Monica\Desktop\FRST1.txt
2015-09-12 09:29 - 2015-09-13 13:57 - 00000000 ____D C:\FRST
2015-09-12 09:29 - 2015-09-12 09:29 - 02190848 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
2015-09-11 07:46 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-11 07:46 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-11 07:46 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-11 07:46 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-11 07:46 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-11 07:46 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-11 07:46 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-11 07:46 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-11 07:46 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-11 07:46 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-11 07:46 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-11 07:46 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-11 07:46 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-11 07:45 - 2015-07-13 16:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-11 07:45 - 2015-07-10 16:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-10 21:49 - 2015-09-10 21:49 - 00330240 _____ C:\Users\Monica\Downloads\TP4 present simple.ppt
2015-09-09 07:38 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 07:38 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 07:38 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 07:38 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 07:37 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 07:37 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 07:36 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 07:36 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 07:36 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 07:36 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 07:36 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 07:36 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 07:36 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 07:36 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 07:36 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 07:36 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 07:36 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 07:36 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 07:36 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 07:35 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 07:35 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 07:35 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 07:35 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 07:35 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 07:35 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 07:35 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 07:35 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-08-27 19:18 - 2015-08-27 19:18 - 01734144 _____ C:\Users\Monica\Downloads\lesson3.ppt
2015-08-20 20:42 - 2015-08-20 20:44 - 27555912 _____ C:\Users\Monica\Downloads\Luxury Lifestyle.avi
2015-08-19 04:52 - 2015-08-19 04:52 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-08-19 04:52 - 2015-08-19 04:52 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 10:36 - 2014-02-05 19:33 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 04:34 - 2014-02-05 19:33 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-09-13 13:03 - 2014-07-02 21:26 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-13 13:02 - 2014-02-05 19:03 - 01567176 _____ C:\Windows\WindowsUpdate.log
2015-09-13 13:00 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-13 12:53 - 2014-11-12 18:11 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-13 11:01 - 2014-07-02 17:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3792598364-1687661706-653696805-1001
2015-09-13 11:00 - 2015-01-07 09:34 - 00000000 ___RD C:\Users\Monica\Dropbox
2015-09-13 11:00 - 2015-01-07 09:31 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Dropbox
2015-09-13 10:58 - 2014-02-06 00:45 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2015-09-13 10:58 - 2014-02-06 00:45 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2015-09-13 10:58 - 2013-11-01 08:36 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-13 10:53 - 2014-07-02 19:15 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A32C733-5B5E-4645-84DD-67B52D44E8A1}
2015-09-13 10:44 - 2014-07-05 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-13 04:20 - 2014-07-02 17:10 - 00000000 __RDO C:\Users\Monica\SkyDrive
2015-09-13 04:19 - 2014-07-02 17:06 - 00000000 ____D C:\Users\Monica
2015-09-13 04:19 - 2013-08-22 11:46 - 00032997 _____ C:\Windows\setupact.log
2015-09-13 04:19 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 18:09 - 2015-01-29 14:14 - 00000000 __SHD C:\Users\Monica\AppData\Local\EmieBrowserModeList
2015-09-12 18:09 - 2014-07-05 18:21 - 00000000 __SHD C:\Users\Monica\AppData\Local\EmieUserList
2015-09-12 18:09 - 2014-07-05 18:21 - 00000000 __SHD C:\Users\Monica\AppData\Local\EmieSiteList
2015-09-12 16:50 - 2015-05-07 20:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-12 16:49 - 2013-11-01 08:23 - 00875634 _____ C:\Windows\PFRO.log
2015-09-12 16:47 - 2015-04-28 14:43 - 00000000 ____D C:\AdwCleaner
2015-09-12 10:29 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-12 10:00 - 2014-11-12 18:11 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-12 10:00 - 2014-11-12 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-12 10:00 - 2014-11-12 18:11 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-12 09:17 - 2013-08-22 11:44 - 00362728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 09:12 - 2013-08-22 16:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 09:12 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-12 09:11 - 2014-07-02 18:10 - 00000000 ____D C:\Windows\system32\MRT
2015-09-12 09:02 - 2015-07-31 10:18 - 00024145 _____ C:\Users\Monica\Documents\promotoria.odt
2015-09-11 11:49 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-11 11:08 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-11 06:01 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-10 21:53 - 2014-07-20 08:02 - 00309248 ___SH C:\Users\Monica\Downloads\Thumbs.db
2015-09-09 07:15 - 2014-07-02 23:18 - 00000000 ____D C:\Users\Monica\AppData\Local\CrashDumps
2015-09-08 08:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-09-05 05:37 - 2014-09-10 14:33 - 00553984 ___SH C:\Users\Monica\Documents\Thumbs.db
2015-08-26 18:37 - 2014-07-02 18:10 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 17:18 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-19 04:52 - 2013-11-01 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-19 04:46 - 2014-07-02 17:09 - 00000000 ____D C:\Users\Monica\AppData\Local\clear.fi
2015-08-17 10:25 - 2014-12-13 11:18 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-17 10:25 - 2014-07-10 11:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2014-11-26 17:39 - 2014-11-26 17:42 - 30896010 _____ () C:\Program Files\Passware Kit PRO.zip
2014-04-22 09:03 - 2014-04-22 09:03 - 123392946 _____ () C:\Program Files (x86)\openoffice1.cab
2014-04-22 09:01 - 2014-04-22 09:01 - 2310144 _____ () C:\Program Files (x86)\openoffice410.msi
2014-04-22 09:01 - 2014-04-22 09:01 - 0476160 _____ () C:\Program Files (x86)\setup.exe
2014-04-22 09:01 - 2014-04-22 09:01 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2014-07-05 17:23 - 2014-07-05 17:23 - 0000266 _____ () C:\Users\Monica\AppData\Local\alwju.bat
2014-07-05 17:21 - 2014-07-05 17:21 - 0000266 _____ () C:\Users\Monica\AppData\Local\bncpb.bat
2014-07-05 17:18 - 2014-07-05 17:18 - 0000266 _____ () C:\Users\Monica\AppData\Local\ikuwyceg.bat
2014-07-05 17:25 - 2014-07-05 17:25 - 0000266 _____ () C:\Users\Monica\AppData\Local\isnpkup.bat
2014-07-05 17:31 - 2014-07-05 17:31 - 0000266 _____ () C:\Users\Monica\AppData\Local\lindinsi.bat
2014-07-05 17:27 - 2014-07-05 17:27 - 0000266 _____ () C:\Users\Monica\AppData\Local\timyfs.bat
2014-07-05 17:29 - 2014-07-05 17:29 - 0000266 _____ () C:\Users\Monica\AppData\Local\tyeljw.bat
2014-02-05 19:33 - 2014-02-05 19:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\8EDA.exe
C:\Users\Monica\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmcik1.dll
C:\Users\Monica\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Monica\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Monica\AppData\Local\Temp\octC2DF.tmp.exe
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 07:33

==================== End of FRST.txt ============================
         
--- --- ---


Kann ich Defogger wieder ausschalten und die Tools vom Rechner entfernen?

Gruss,
Carsten


Alt 13.09.2015, 19:21   #6
cybercarsten
 
Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Monica (2015-09-13 13:59:24)
Running from C:\Users\Monica\Desktop
Windows 8.1 Single Language (X64) (2014-07-02 20:07:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3792598364-1687661706-653696805-500 - Administrator - Disabled)
Convidado (S-1-5-21-3792598364-1687661706-653696805-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3792598364-1687661706-653696805-1003 - Limited - Enabled)
Monica (S-1-5-21-3792598364-1687661706-653696805-1001 - Administrator - Enabled) => C:\Users\Monica

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivírus e antispyware da McAfee  (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivírus e antispyware da McAfee  (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Ferramentas do Visual Studio 2005 para Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.115 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nitro Reader 3 (HKLM\...\{E5660852-CBDA-4C17-9475-C0C0E5A4CFB4}) (Version: 3.5.3.14 - Nitro)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-08-2015 17:36:08 Windows Update
31-08-2015 07:12:32 Windows Update
08-09-2015 15:27:34 Ponto de Verificação Agendado
12-09-2015 09:06:37 Windows Update
13-09-2015 10:32:20 Revo Uninstaller's restore point - Mozilla Firefox 40.0.3 (x86 en-GB)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2015-08-11 14:54 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1	mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11 -> No File <==== ATTENTION
Task: {10F98876-4BA0-4BA8-9E98-B7F46BDAD16F} - System32\Tasks\lindinsi => C:\Users\Monica\AppData\Local\lindinsi.bat [2014-07-05] ()
Task: {190DC44D-8E22-45F9-A675-5D78CA06A748} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user -> No File <==== ATTENTION
Task: {202B0A4E-918B-4043-93A7-D81700F16E24} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-08-13] (Acer)
Task: {2BF73531-0812-442F-9C20-298864C2A821} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {2EA1FE73-FE03-4AF7-97F8-A58AB7D291F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {335486A0-07A8-44F5-A129-987F88214A7D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {3C7020F0-4BDB-4AA4-B34C-808F90E2F5E7} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {3F365E5C-C7BB-40F1-B0A1-6549DCE46748} - System32\Tasks\ikuwyceg => C:\Users\Monica\AppData\Local\ikuwyceg.bat [2014-07-05] ()
Task: {57493D84-9C8E-4615-9641-B22D812C6F75} - System32\Tasks\isnpkup => C:\Users\Monica\AppData\Local\isnpkup.bat [2014-07-05] ()
Task: {5BACF658-2447-4EE9-BD6B-67A1EF12175A} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5 -> No File <==== ATTENTION
Task: {5E558A77-EABC-48A8-907C-A2856FA13AA3} - System32\Tasks\timyfs => C:\Users\Monica\AppData\Local\timyfs.bat [2014-07-05] ()
Task: {646B7114-B6C8-4ED3-BF80-743BA8FDB6FD} - System32\Tasks\tyeljw => C:\Users\Monica\AppData\Local\tyeljw.bat [2014-07-05] ()
Task: {65C76B99-C017-47DD-AAC9-1E3C75D833A9} - System32\Tasks\alwju => C:\Users\Monica\AppData\Local\alwju.bat [2014-07-05] ()
Task: {70FDF72B-6D2F-4B0E-8BFF-03C2957AD54A} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {7124E938-5E16-4442-B98D-EC5187990663} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {72D0B9F4-8143-4B6F-87C3-D306AF544271} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {75412B3F-992A-4759-9CB7-64225A7FB2BD} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1 -> No File <==== ATTENTION
Task: {8831CF92-CBD4-45E3-A388-BA52CCB27FC4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {98D21829-3B98-48A1-894F-6A625F8CCFC3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9BD3C0E8-3784-4E29-BF6B-77845CB8110D} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2 -> No File <==== ATTENTION
Task: {A1775910-CDE8-43B3-9ED4-203C04B24E14} - System32\Tasks\bncpb => C:\Users\Monica\AppData\Local\bncpb.bat [2014-07-05] ()
Task: {A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3 -> No File <==== ATTENTION
Task: {C16458BF-446D-469A-83E4-AB0E7F682EF5} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4 -> No File <==== ATTENTION
Task: {D3DFA619-5149-4796-AC2D-BF89A73E4E9A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {E5B91C5B-4900-4DB1-8BE0-51E7B7AB1DC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {E8CFD0D5-62DF-4B73-B28B-6925F60E0925} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3792598364-1687661706-653696805-1001Core1d0edf4bd37c170.job => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-02-05 19:54 - 2013-07-30 17:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-07-27 17:46 - 2015-07-27 17:46 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-09-13 13:33 - 2015-09-13 13:34 - 00852704 _____ () C:\Users\Monica\Desktop\SecurityCheck.exe
2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-27 07:26 - 2015-07-27 07:26 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2014-02-05 19:26 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-09-13 11:00 - 2015-09-13 11:00 - 00071168 _____ () c:\users\monica\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmcik1.dll
2015-03-04 18:45 - 2015-08-05 02:26 - 00012800 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 18:45 - 2015-08-05 02:26 - 00779776 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-13 10:59 - 2015-08-05 02:26 - 00056320 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 18:45 - 2015-08-05 02:26 - 00012288 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-02-05 19:54 - 2013-07-30 17:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Monica\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Processo Anarilda Wellington.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3792598364-1687661706-653696805-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{868B7A9A-3771-488A-953B-F26B35463F52}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A6AAD695-9D85-43D8-8EF1-840D0D7225E8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D424EB46-FD6A-42B8-BF84-BAE5582EB53B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{878298F0-B10E-41D2-B924-10795C559E21}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A95C9EAB-BCAF-487E-A78E-91A41FF59D77}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5A01F964-4C54-4E28-A134-8B7737552A6C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5EB92DF1-D48E-476E-96D6-9EF4B001E2CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{2882398B-6DF1-48C4-AD47-B83295F56AA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FFC1E2C4-C418-46D0-A9A6-704C2392E609}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{6DDB21F3-ADF3-4784-8261-85C4EDA81B72}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{AFAB4A6E-22ED-48DD-86FE-5BD3DDA901D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{63611343-3981-4AB1-8B24-BD730C4B4616}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{638023C5-0CE1-460B-8E2B-27E1323D5745}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7B8F9CDC-8B63-46E8-8B9C-9B41C5F71BCE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F61E21B8-A811-4390-8C48-F76709C647B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{32CB50FA-5ECE-4CE2-809A-62EEAD42AD73}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{D26B9193-3F07-4625-8CEA-AE17F9E69ABB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7F4E1D66-B2BB-4F19-AC59-0A323EE6CDA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6A840E65-DA1B-429A-AF4F-73BE8B951184}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{271879EF-7A48-4758-BC5F-538D9F33B421}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{A875F548-50CF-42D6-BC9C-E20F305F33B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B5E3560E-AD87-44E5-959D-792E2648C3F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0A663979-5B49-4EB1-9654-114059C55B1D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{4B3D8C37-3C44-43BD-9BF5-BD7436DDC9C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2FA47325-1091-4631-949D-6C9E8250C8DC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7F7C622A-1DA4-4592-AB73-BF3AE172A9C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{264CADAA-C8EB-4F77-8D5B-594862727558}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{056F5CE8-5D3B-4A98-8598-860442AF70D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2CF087A2-0A94-4B1F-BF9E-E981076CF396}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{881BD0AC-6A1A-4B2A-BFB0-F082B355D0A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{0222F0C9-A388-4D48-9915-50C5FCCB1142}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{C2251342-C52A-4761-943B-C3F3754AA2BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{2CAD4F62-82BD-4EA4-AF23-3F27A35C56E0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{D170B7FF-9CB2-40AE-ADFE-12DAFF0D6B0F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{A2C5235E-F22F-440B-83BA-4904F19D3E6A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{3A3BA756-49D5-4155-ABA4-294F4B07B8DB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5B123DF9-9854-452A-9373-637B53F5C6A5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{FAB3BB80-2F01-4864-9FC1-AFD08D68C346}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{97AEFD6C-C061-4DC0-B147-0337EA7112B6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{3016371D-2ED5-44FE-BF84-004194B3F1BA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8E4DA2B1-732A-424C-97BD-35EF3D105D5E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F5D63344-8AD3-4DED-A560-E2D440E6DFF2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{1FAEED5E-6B1F-4F0F-A11E-BCE5B072BC4D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F676DF36-0BDF-4856-B392-1F6A6306A90B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{4EC186E5-B7C0-4F15-BC32-C651A7A227AB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F4D1FF55-E8CA-41D6-86D6-A6EF82A19AC9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{9E74EFCD-9DFA-4F18-BF63-D1FFD2C71BE6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2279D5BE-86C8-4937-A4A0-9BAC04524933}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C6CC19CE-1B50-436B-B62E-7726F68F04EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CF1E157F-3F22-4462-8C4D-D3AB28319EFC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{6F4A818D-11AC-4593-BE86-CD9E64036F6F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{AD378EB5-2202-4560-9DBF-BE2235558B64}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8389B775-3C41-47F4-BFF9-990CC3A4A27F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{22F5B9FD-CE76-457B-A7E7-0496E8A080FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06F4BBC1-CB61-4B40-B1A7-D194A99EE9C6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0700FB97-8510-4857-A77D-0FF68F36D201}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1C8272E6-B760-4020-A911-A4225A882F08}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2CB13FF8-B673-44D5-9024-6FE67FC564E2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ACD2B40B-E57F-434A-AC4B-380600317282}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7A22DA6B-9407-4BB2-A534-2E62B3333879}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8FB30E29-BE65-442D-A164-C99A40612211}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{93241890-2DF0-445D-B4FA-4D271080442F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{038E517A-F8C2-470B-B57D-3A67ED609DD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{444045C5-0F26-48C0-90FE-A678CAD420FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2683B2DC-283B-4E09-856A-1DF0CFB54C0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B5C97B80-385A-4971-9BBA-50A2A50A5070}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3D7D96BA-3AA9-4A42-972F-CBD7D0CCCA96}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8234C44A-6F09-4519-B0BF-F57B46BE901E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9770236A-BBB4-449A-A3AC-543E9E723327}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6972A28D-638B-4845-B421-D43C05E704E9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91D29E93-0FCC-422E-99DA-A79140AE1667}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{886C925C-7B24-4A60-BD0E-EEDB00A68225}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{8D6295D0-7866-4DFA-A082-CA65672C83E7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{7D2507BC-57AB-463B-89F1-03C38F0873FB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{57BFAAEA-4599-4C09-A63D-973848853C49}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F100F530-C53E-42F0-90E2-0A00FE65B221}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{685E26CF-218D-4DAE-8FC4-E00A50FFCDDC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{CF53BECB-D4BE-44C9-9591-3ACC9D266C14}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{5ED27DD8-EEA6-4F8D-AD5C-922D2BFF0EBE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D370543C-6A16-44D1-8B83-1E728FC7A876}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{612263E9-0C35-426F-8083-D1ED98DAF474}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2C80D9B6-D082-4612-99CA-5DD1B8E6DFC1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{B3A3E02C-117C-4FCF-B66D-6C5ADB6173EE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E78972D7-698C-4FF9-B87A-8749A733DC17}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FF7E2908-103A-4E7D-8763-6941211D8D12}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F2530216-9564-4763-A2F4-3537C299A6F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{04FB3D35-2674-47B4-BE20-BD5B46B49E50}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{614F8E57-FE70-4652-B4E3-2C0F6CDF5739}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{82E064D5-5985-46B1-9995-D310F28E8076}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8FCAFA1A-BE1D-4F93-8FB8-C4EF2208262B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4716CF87-62DD-4E66-9F84-3A1252EEF3E6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F00DC467-E3CE-484D-B87A-BDA039004679}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F0EEBE2B-9CFF-4337-865E-164A9A4FC8D6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FBB3B59A-13F5-4C37-BAAA-31BD77C39EDE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F5A9BDA5-972F-4680-9A57-C6C7E5BEF745}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ED219CD8-B7F4-46B3-800F-55977BE9C13D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{BA2904AB-57F3-49BB-BA1E-4C238121F382}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{160DB14B-29FA-4EB2-A46D-FF04AA303BA3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CEFA2315-3CC7-46B4-BFCF-FF59B24E2844}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EECC0A66-53B6-4BCD-9EDE-C0E6AB6058DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4BEE438A-6861-493F-8737-3E59DC612532}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A5F84365-CD3A-4345-BE30-964F9895C84A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9003A799-4235-4EC3-A690-BAF8ABA96904}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{39E9D626-5AC1-4CF7-8827-B513DFE1BD92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DE91CDFA-135E-40E5-B749-5DDD1F1F1C57}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{29EB3C1B-5984-409F-AA31-EB7CCC6E7C3E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B959876-CCEC-483D-9D0B-99C554E8EEA7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ADDC36D1-3BC3-4331-B203-79FF78B41363}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C4E85C84-3E6B-4A46-BCB2-390C7A2C693D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{15A450DC-F5F0-445B-922D-37178C84A1F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{00739B69-4133-4732-BC0B-B69FEA83A3AC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1AB3ADFD-6866-4A29-835F-5C0D6FBE82D9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{46C7447C-39F5-4287-8107-994462357174}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{68C09A72-EA71-4620-8AB9-9CF7B97163EB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D886B5EA-451F-4801-9519-16EF06E75BDF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{45EA03A1-39C3-4083-B316-6EC6C07AC412}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D39A378B-4A54-48DB-B41D-C334F9AB5EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1980E542-94C0-4EAE-9CC9-0A871EF578D4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1D9E7D51-8AA8-4A8D-99FA-A62E1F7223A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{234B63DB-8DED-4871-98A9-5FB35E8AB5D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{843BD66B-380A-46C3-BFAC-FA82DA339C93}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CBF13F81-8203-4E17-A9B3-C14F75432A12}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6E2A65D0-A024-4CDA-850A-B28669B99A19}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{98C1FBFA-5169-457C-8EE7-387A8575C8BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FD41A76-F6B7-4767-98D4-5914EFB66306}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{34048F8F-F478-4A74-9718-FF1610241DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{57654119-2702-465E-80E5-4CB43E65B70C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EAAA15AE-9E70-444F-B269-9759106964B7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{92C29F6D-B7B9-4963-9688-2D4A4B8E91B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BF909D9A-7318-409B-A9E0-96251AE4F4EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{25165BEB-8831-44AE-94F7-04E63AC557BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FF89E06-E3D8-4F4C-9D22-178FB064230E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D17D0F0C-1682-4110-A155-5A41DF9ED29A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9EBFAC6F-0CAF-48CA-AA97-333D7C2D4938}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CA0E8A63-E719-4752-A9E4-71A15DDE947D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{104DD35D-B51D-4BAA-9726-B9A39C127331}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7EB9F81C-B115-4A0E-A40B-E581A2B5B5E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4EDF515A-50B7-42B9-95D4-91A2CACEF970}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{060CCC52-5D31-423F-97EE-DD1F50DB9207}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F85AAB0A-23D6-4211-9191-F53D285943FF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{24FF1F92-A5F3-47C3-B4E6-BED468492F7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1D00E5ED-E5A7-486F-94F7-ED0ED89A602A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{189B56B7-4FE7-47A9-B931-172C20521781}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CDD4EB2E-1A13-479C-83C7-C1D8C99F7189}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A9EC8D8E-C19F-4783-A150-A89730851788}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAB33BC2-FD46-4C71-A5D2-010F0B2BA551}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7F13B5D7-4FB2-436E-93C3-73080A7DE93A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{FC533484-050E-4C32-BEDB-0F4741192172}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7A113C14-FB2D-48FA-A939-7DE943C919FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{905D5849-95E3-42BC-9617-DC9FF9A50361}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8D9A61CD-8E78-4300-9FC3-5F27A6A610B0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{833BAB7B-BC2C-4F06-8D63-6A8712537300}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7287617E-667D-4D36-B663-B1F99E419489}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{94070D7F-AE25-461D-AE0A-1F209B3B5DE4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C8BC8BD8-D798-4AD8-9D34-60FBBA0D0179}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9D15EA70-380E-4686-AC9B-1AD9BD4B2419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{18073016-80E2-42EA-B85B-466A210E6D03}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1F4A9B5D-FB01-4BC5-B8B6-0FC292D7A05B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1A150557-92DC-46F6-A8F2-A85DB8CD3879}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F5087AF7-073B-472C-AF75-C9E8C7C60801}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F9268F4C-9F01-4B47-B0CE-1A1A88C6DEBD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D33E1BA3-22DD-4091-B2AF-30E43D08B846}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1191310D-F2CF-427D-9870-C7843DB84195}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{87875759-C885-402D-BF81-9F6A74572B7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FE9765C-D2FF-4818-A281-B9C1826EA8DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1243B007-30CB-4DA1-A6D4-147A1AA6C82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B018C30F-5165-463B-B243-062D2D205A69}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C45897A4-9942-4F52-B946-6E033E94FC3B}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8104A464-0F0B-4E34-98F5-C44CF0708000}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9CE2C813-1630-47B7-8514-6AAF28450A2B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A1F121C8-0EAB-4CE7-AFBA-0234F9ADD152}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9389FCD-1666-45C1-B1F1-3A75C359C72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1400EEFF-93A1-461E-BB5A-9F615925EF43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E8411286-9287-4B14-A007-8928409C6DE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FF337B5E-C496-4CF2-8DDD-42BEEB2C676E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{539AE13C-2A09-4D31-8435-03796A5EFFBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{02725209-B52B-4FD8-95B7-F47EBB74C4FA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E76BB129-CB61-4859-9D98-39117ED1CBA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85A069C5-6126-4EAA-ACFD-F71E85E982D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{228056C2-F0F7-4FCF-95CC-E5600DC1EEBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E46781D7-673C-458F-B0CD-8CF7E28F8E27}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ADF5616A-5CAC-4D48-B810-18E8DD5CDAB5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AF70E296-0309-4620-B0F5-08AF6BED84C2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7CCE9F97-6071-4615-B7BF-7BAFAFA41EB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DAF19E82-8327-4CDF-BEFD-D7B1FCC1A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1CB80860-C3B8-416F-98BF-9FFBE1C8686F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0151F974-6D55-4DC9-9913-57A9CBB8DA16}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C58C7261-76D6-4702-90F7-5F0B1AA00EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35BA0E5E-7F9B-45AC-B373-7B014348F88E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9AEB76F9-80A0-40CA-BC6C-5CD90484EF08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5EABFAD5-DA21-4E2B-88CE-174E2664F3E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8E9E513A-1E8F-4E19-A64B-4849F1D1DA13}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C9CB7D8F-F87D-443D-9D50-BCA7CF29B428}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{48CE8CCC-8D73-456D-8FDE-9C34A2935419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0B58342A-456E-4A41-91B6-18E808C9CAC8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9E5B267-FD06-40FB-BF26-EDA91EE15C0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5F3698CC-1BEF-4E1E-BEDD-31601C2D4A49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DAF5F63E-024F-42C7-A6BA-1855AAD76394}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5B81A66D-8964-4375-B2B3-C6B952714502}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{51A141CB-9FB1-4E57-9F47-E8D6215A6288}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B5C90E7-C17B-4E37-81B4-DB1F777C331D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B1176B39-D0DC-43A9-8656-AF74E50F6B24}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F3AF57C1-D0DD-471B-BA62-374B1810C984}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{978766D4-FB84-47B9-AEAF-686AC264DA75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2015 01:28:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/13/2015 12:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 9f0

Hora de Início: 01d0ee3bf036b260

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: e40661e0-5a2f-11e5-82b1-201a0657a1d6

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/13/2015 11:56:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: ecc

Hora de Início: 01d0ee338ea50115

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 880c40bf-5a27-11e5-82b1-201a0657a1d6

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/13/2015 10:58:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/13/2015 10:58:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/13/2015 10:58:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/13/2015 10:58:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/13/2015 10:58:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/13/2015 10:58:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/12/2015 04:52:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (09/13/2015 10:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro: 
%%1275

Error: (09/13/2015 10:59:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Monica\AppData\Local\Temp\ehdrv.sys

Error: (09/13/2015 10:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro: 
%%1275

Error: (09/13/2015 10:59:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Monica\AppData\Local\Temp\ehdrv.sys

Error: (09/13/2015 10:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro: 
%%1275

Error: (09/13/2015 10:59:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Monica\AppData\Local\Temp\ehdrv.sys

Error: (09/13/2015 10:55:04 AM) (Source: DCOM) (EventID: 10010) (User: MONICA)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (09/13/2015 10:36:29 AM) (Source: DCOM) (EventID: 10010) (User: MONICA)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (09/13/2015 04:19:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 04:16:51 do dia ‎13/‎09/‎2015 não era esperado.

Error: (09/12/2015 04:58:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.


Microsoft Office:
=========================
Error: (09/13/2015 01:28:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/13/2015 12:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209119f001d0ee3bf036b2604294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exee40661e0-5a2f-11e5-82b1-201a0657a1d6microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/13/2015 11:56:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911ecc01d0ee338ea501154294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe880c40bf-5a27-11e5-82b1-201a0657a1d6microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/13/2015 10:58:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Monica\Desktop\esetsmartinstaller_deu.exe

Error: (09/13/2015 10:58:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Monica\Desktop\esetsmartinstaller_deu.exe

Error: (09/13/2015 10:58:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Monica\Desktop\esetsmartinstaller_deu.exe

Error: (09/13/2015 10:58:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Monica\Desktop\esetsmartinstaller_deu.exe

Error: (09/13/2015 10:58:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Monica\Desktop\esetsmartinstaller_deu.exe

Error: (09/13/2015 10:58:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Monica\Downloads\esetsmartinstaller_deu.exe

Error: (09/12/2015 04:52:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)
Description: -2147024883


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Percentage of memory in use: 59%
Total physical RAM: 3976.27 MB
Available physical RAM: 1607.95 MB
Total Virtual: 6280.27 MB
Available Virtual: 2994.05 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.69 GB) (Free:400.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3FB2AF5E)

Partition: GPT.

==================== End of Addition.txt ============================
         

Alt 14.09.2015, 12:49   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Java updaten. Addons kannste wieder installieren.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\$Recycle.Bin
Task: {0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11 -> No File <==== ATTENTION

Task: {190DC44D-8E22-45F9-A675-5D78CA06A748} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user -> No File <==== ATTENTION

Task: {5BACF658-2447-4EE9-BD6B-67A1EF12175A} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5 -> No File <==== ATTENTION

Task: {75412B3F-992A-4759-9CB7-64225A7FB2BD} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1 -> No File <==== ATTENTION

Task: {9BD3C0E8-3784-4E29-BF6B-77845CB8110D} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2 -> No File <==== ATTENTION

Task: {A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3 -> No File <==== ATTENTION

Task: {C16458BF-446D-469A-83E4-AB0E7F682EF5} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4 -> No File <==== ATTENTION

Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{BCA91B0F-7C70-41BA-A4FA-BAB10466C94F}: [DhcpNameServer] 89.248.166.149 8.8.8.8
2014-07-05 17:23 - 2014-07-05 17:23 - 0000266 _____ () C:\Users\Monica\AppData\Local\alwju.bat
2014-07-05 17:21 - 2014-07-05 17:21 - 0000266 _____ () C:\Users\Monica\AppData\Local\bncpb.bat
2014-07-05 17:18 - 2014-07-05 17:18 - 0000266 _____ () C:\Users\Monica\AppData\Local\ikuwyceg.bat
2014-07-05 17:25 - 2014-07-05 17:25 - 0000266 _____ () C:\Users\Monica\AppData\Local\isnpkup.bat
2014-07-05 17:31 - 2014-07-05 17:31 - 0000266 _____ () C:\Users\Monica\AppData\Local\lindinsi.bat
2014-07-05 17:27 - 2014-07-05 17:27 - 0000266 _____ () C:\Users\Monica\AppData\Local\timyfs.bat
2014-07-05 17:29 - 2014-07-05 17:29 - 0000266 _____ () C:\Users\Monica\AppData\Local\tyeljw.bat
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.09.2015, 01:17   #8
cybercarsten
 
Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Hallo Schrauber,

danke fuer die Hilfe und die vielen guten Tips.
Bisher ist das Surfen zwar besser, es kommen aber immer noch
Pop-ups und Pop-unders von russischen Servern, obwohl ich Ad-Block
und Pop-up-Blocker als Add on aktiviert habe?!
Mal sehen, wie sich das entwickelt.

Hier ist das Logfile vom FRST Fixing:
Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Monica (2015-09-14 09:06:53) Run:1
Running from C:\Users\Monica\Desktop
Loaded Profiles: Monica (Available Profiles: Monica)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\$Recycle.Bin
Task: {0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11 -> No File <==== ATTENTION

Task: {190DC44D-8E22-45F9-A675-5D78CA06A748} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user -> No File <==== ATTENTION

Task: {5BACF658-2447-4EE9-BD6B-67A1EF12175A} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5 -> No File <==== ATTENTION

Task: {75412B3F-992A-4759-9CB7-64225A7FB2BD} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1 -> No File <==== ATTENTION

Task: {9BD3C0E8-3784-4E29-BF6B-77845CB8110D} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2 -> No File <==== ATTENTION

Task: {A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3 -> No File <==== ATTENTION

Task: {C16458BF-446D-469A-83E4-AB0E7F682EF5} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4 -> No File <==== ATTENTION

Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{BCA91B0F-7C70-41BA-A4FA-BAB10466C94F}: [DhcpNameServer] 89.248.166.149 8.8.8.8
2014-07-05 17:23 - 2014-07-05 17:23 - 0000266 _____ () C:\Users\Monica\AppData\Local\alwju.bat
2014-07-05 17:21 - 2014-07-05 17:21 - 0000266 _____ () C:\Users\Monica\AppData\Local\bncpb.bat
2014-07-05 17:18 - 2014-07-05 17:18 - 0000266 _____ () C:\Users\Monica\AppData\Local\ikuwyceg.bat
2014-07-05 17:25 - 2014-07-05 17:25 - 0000266 _____ () C:\Users\Monica\AppData\Local\isnpkup.bat
2014-07-05 17:31 - 2014-07-05 17:31 - 0000266 _____ () C:\Users\Monica\AppData\Local\lindinsi.bat
2014-07-05 17:27 - 2014-07-05 17:27 - 0000266 _____ () C:\Users\Monica\AppData\Local\timyfs.bat
2014-07-05 17:29 - 2014-07-05 17:29 - 0000266 _____ () C:\Users\Monica\AppData\Local\tyeljw.bat
Emptytemp:
*****************

C:\$Recycle.Bin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{190DC44D-8E22-45F9-A675-5D78CA06A748}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{190DC44D-8E22-45F9-A675-5D78CA06A748}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BACF658-2447-4EE9-BD6B-67A1EF12175A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BACF658-2447-4EE9-BD6B-67A1EF12175A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75412B3F-992A-4759-9CB7-64225A7FB2BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75412B3F-992A-4759-9CB7-64225A7FB2BD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BD3C0E8-3784-4E29-BF6B-77845CB8110D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BD3C0E8-3784-4E29-BF6B-77845CB8110D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C16458BF-446D-469A-83E4-AB0E7F682EF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C16458BF-446D-469A-83E4-AB0E7F682EF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4 => key not found. 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BCA91B0F-7C70-41BA-A4FA-BAB10466C94F}\\DhcpNameServer => value removed successfully
C:\Users\Monica\AppData\Local\alwju.bat => moved successfully
C:\Users\Monica\AppData\Local\bncpb.bat => moved successfully
C:\Users\Monica\AppData\Local\ikuwyceg.bat => moved successfully
C:\Users\Monica\AppData\Local\isnpkup.bat => moved successfully
C:\Users\Monica\AppData\Local\lindinsi.bat => moved successfully
C:\Users\Monica\AppData\Local\timyfs.bat => moved successfully
C:\Users\Monica\AppData\Local\tyeljw.bat => moved successfully
EmptyTemp: => 2.8 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 09:08:26 ====
         
Kann man noch etwas tun, um die letzten Plagegeister zu vertreiben?

Gruss,
Carsten

Alt 15.09.2015, 20:33   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



In welchem Browser? Und kommt das auch in andern Browsern?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.09.2015, 22:33   #10
cybercarsten
 
Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Installiert sind nur der Internet Explorer 11.0 und Firefox 40.03 (mit add ons Adblock Plus und Adblock Plus pop-up). Betroffen ist nur Firefox, leider der bevorzugte Browser. Kann das Problem in den gesichten Bookmarks liegen, die waren nach der Neuinstallation von Firefox naemlich noch vorhanden.

Gruss,
Carsten

Alt 16.09.2015, 17:50   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 / Firefox  russische Po-ups behindern normales Surfen - Standard

Windows 8 / Firefox russische Po-ups behindern normales Surfen



Firefox wurde auch wie oben beschrieben komplett zurückgesetzt?

Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 8 / Firefox russische Po-ups behindern normales Surfen
antispyware, avast, avg, browser, defender, device driver, dnsapi.dll, explorer, firefox, flash player, homepage, installation, launch, mozilla, realtek, rundll, security, services.exe, siteadvisor, software, svchost.exe, symantec, system, tastatur, temp, udp, windows, wlan



Ähnliche Themen: Windows 8 / Firefox russische Po-ups behindern normales Surfen


  1. Windows 8/10: Hartnäckige russische Adware, die auch trotz Neuinstallation von Windows nicht verschwindet
    Log-Analyse und Auswertung - 27.10.2015 (6)
  2. Windows 7 Starter: Popups und Werbung via best offers in Firefox trotz Adblock Plus machen Surfen unerträglich
    Log-Analyse und Auswertung - 22.06.2015 (11)
  3. Windows 7: Webseiten werden auf Russische Werbung umgeleitet.
    Log-Analyse und Auswertung - 06.04.2015 (14)
  4. Ständig Werbebanner beim Surfen mit Firefox
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (17)
  5. Windows 8: Trojaner mit blauen Links und grünen Pfeilen beim surfen mit chrome und firefox
    Log-Analyse und Auswertung - 11.11.2014 (17)
  6. Deal Finder Firefox stört beim surfen wie löschen?
    Plagegeister aller Art und deren Bekämpfung - 17.01.2014 (17)
  7. Lästiges leeres Overlay beim Surfen mit Firefox
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (21)
  8. Musik im Hintergrund beim Surfen im Internet ( Firefox 20.0.1 )
    Log-Analyse und Auswertung - 30.04.2013 (21)
  9. Trojaner auf dem PC meiner Cousine, Reicht normales entfernen?
    Antiviren-, Firewall- und andere Schutzprogramme - 06.12.2012 (1)
  10. Surfen geht sehr langsam IE oder Firefox
    Plagegeister aller Art und deren Bekämpfung - 30.10.2012 (2)
  11. BKA Virus Infektion angeblich durch Surfen auch mit Firefox ?
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (1)
  12. Studie: Teure Tarife und Sicherheitsbedenken behindern mobiles Shopping
    Nachrichten - 06.02.2012 (0)
  13. Internet Explorer öffnet russische Seiten und Windows dienste werden immer beendet
    Log-Analyse und Auswertung - 08.01.2011 (37)
  14. Beim surfen plötzlich eine Virenmeldung von Firefox
    Log-Analyse und Auswertung - 22.10.2009 (8)
  15. Firefox öffnet automatisch neue seiten beim surfen...
    Plagegeister aller Art und deren Bekämpfung - 07.11.2007 (3)
  16. Beim Surfen mit Firefox öffnen sich Pop Up's im IE
    Plagegeister aller Art und deren Bekämpfung - 31.05.2007 (1)
  17. IExplorer öffnet sich mit Werbefenster beim surfen mit Firefox
    Log-Analyse und Auswertung - 07.12.2005 (2)

Zum Thema Windows 8 / Firefox russische Po-ups behindern normales Surfen - Hallo liebes Trojaner-Board Team, der Windows 8 Laptop meiner Frau hat ein uebles (sorry, brasilianische Tastatur) Adware-Problem. Im Sekundenabstand erscheinen Pop-ups oder neue Fenster, meist von russischen Absendern. Alle Versuche - Windows 8 / Firefox russische Po-ups behindern normales Surfen...
Archiv
Du betrachtest: Windows 8 / Firefox russische Po-ups behindern normales Surfen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.