Pests of all kinds and how to fight them: Rootkit_hidden_driver? (Windows 7)
12.10.2014, 16:26 | #1 |
| Rootkit_hidden_driver?

Hello, I currently have a laptop here from a buddy of mine that has caught something. At first I thought it would be simple, just reinstall Windows and done, but that's not the case...

I'll start at the very beginning: the laptop (Windows 7) crashed with a bluescreen... it came back on and the keys no longer worked. The touchpad didn't work anymore either. How did we notice?! When the prompt came up asking whether to start Windows 7 with XY, nothing responded. So I connected an external keyboard and mouse. That way it at least got as far as the desktop... then the problems continued. Even with the external keyboard you couldn't really do much, because there too only a limited set of keys worked, e.g. €, µ and the 6... the others didn't really work either. The pointer on the desktop blinks and almost no programs open. AVG then did run and it reported: Rootkit_Hidden_Driver/Device/mfeavfk01.sys

After that run, nothing worked anymore. So I tried to simply kick Windows and reinstalled it. During that attempt I noticed the first signs of success: during the installation at least the touchpad worked again... So it reinstalled Windows 7 (recovery CD) and at first everything seemed fine. But when it started installing all the drivers etc., I already noticed that something wasn't right... the touchpad stopped responding again. Keys didn't either, etc. Again only the mentioned characters with the external keyboard...

So now I'm facing the problem that even a fresh Windows doesn't help. So is the machine done for?! Or can something be done? As I said, I can get into Windows, but I can hardly do anything there... so a program apparently won't help me much |
12.10.2014, 17:12 | #2 |
/// the machine /// TB instructor | Rootkit_hidden_driver?

Hi,
sounds like a hardware problem. The alleged rootkit is a leftover from McAfee: http://forums.avg.com/ww-en/avg-foru...show&id=211260

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
13.10.2014, 12:02 | #3 |
| Rootkit_hidden_driver?

Hello and good morning,
it took me a bit longer because it wasn't easy to install anything on the infected PC... it worked nonetheless... Here are the two results... Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 Ran by peggy at 2014-10-13 08:24:32 Running from F:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) 
Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.222 - Adobe Systems Incorporated) Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{995841E6-A7D8-2742-606C-98E350507317}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) AMD Media Foundation Decoders (Version: 1.0.61012.1205 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2011.1012.1156.19535 - Ihr Firmenname) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) 
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Polish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2011.1012.1155.19535 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2011.1012.1156.19535 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2228.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden clear.fi (x32 Version: 1.0.2228.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.8228 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.) Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) 
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 2.1.5 - Kobo Inc.) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 11.0.623 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) 
Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.) 
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Zuma 
Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-10-2014 15:48:47 Windows Update 12-10-2014 16:11:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1839A9E2-34D6-4EE0-8583-996DF8A14B4A} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-28] (CyberLink Corp.) Task: {1852C45B-45F9-4AF8-8FF4-50D9F3CEEA35} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.) 
Task: {1A0903DF-C4BB-49B1-A886-44530865A49B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-28] (CyberLink) Task: {2DA1A312-D595-477C-B9E5-D2EA4B06FC76} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.) Task: {92356D85-0108-47CE-A26D-5E5DEE84B918} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {A1B3F034-1981-4C98-BDAD-1C258BD9B7F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08] (Adobe Systems Incorporated) Task: {E20DA715-09BC-472E-99BA-B4133DFD5C08} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: {EB3C4407-6AAB-4D65-94DC-6C4DE1E3304F} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2012-01-05 23:22 - 2012-01-05 23:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 23:22 - 2012-01-05 23:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-01-05 23:22 - 2012-01-05 23:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2011-10-28 15:04 - 2011-10-28 15:04 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2400017690-2799416205-2311158137-500 - Administrator - Disabled) Gast (S-1-5-21-2400017690-2799416205-2311158137-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2400017690-2799416205-2311158137-1002 - Limited - Enabled) peggy (S-1-5-21-2400017690-2799416205-2311158137-1001 - Administrator - Enabled) => C:\Users\peggy ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/13/2014 08:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:33:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:14:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:00:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. 
Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:20:44 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:18:12 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:17:18 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (10/13/2014 08:17:18 AM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. 
Microsoft Office Sessions: ========================= Error: (10/13/2014 08:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:33:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:14:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/12/2014 06:00:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD E-450 APU with Radeon(tm) HD Graphics Percentage of memory in use: 25% Total physical RAM: 5865.9 MB Available physical RAM: 4382.54 MB Total Pagefile: 11730 MB Available Pagefile: 9729.38 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:222.69 GB) (Free:187.19 GB) NTFS Drive d: (Data) (Fixed) (Total:223.44 GB) (Free:223.28 GB) NTFS Drive f: () (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) 
(Size: 465.8 GB) (Disk ID: 93F63F48) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=222.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=223.4 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 Ran by peggy (administrator) on PEGGY-PC on 13-10-2014 08:20:56 Running from F:\ Loaded Profiles: peggy & (Available profiles: peggy) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1674896 2011-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2400017690-2799416205-2311158137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2400017690-2799416205-2311158137-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120508065105.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120508065106.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\peggy\AppData\Roaming\Mozilla\Firefox\Profiles\nduea4bm.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\peggy\AppData\Roaming\Mozilla\Firefox\Profiles\nduea4bm.default\Extensions\cliqz@cliqz.com [2014-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-05-08]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\peggy\AppData\Roaming\Mozilla\Firefox\Profiles\nduea4bm.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2011-10-19] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-02-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210584 2012-02-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-02-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 08:21 - 2014-10-13 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-13 08:19 - 2014-10-13 08:21 - 00000000 ____D () C:\FRST
2014-10-12 19:20 - 2014-10-12 19:20 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\Adobe
2014-10-12 18:44 - 2014-10-13 08:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 18:43 - 2014-10-12 18:43 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-12 18:43 - 2014-10-12 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 18:43 - 2014-10-12 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 18:43 - 2014-10-12 18:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 18:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 18:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 18:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 18:35 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-12 18:35 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-12 18:32 - 2014-10-13 08:16 - 00000168 _____ () C:\Windows\setupact.log
2014-10-12 18:32 - 2014-10-12 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-12 18:27 - 2014-10-12 18:28 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\Mozilla
2014-10-12 18:27 - 2014-10-12 18:28 - 00000000 ____D () C:\Users\peggy\AppData\Local\Mozilla
2014-10-12 18:27 - 2014-10-12 18:27 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-12 18:27 - 2014-10-12 18:27 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 18:17 - 2014-10-12 18:17 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-12 18:17 - 2014-10-12 18:17 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-12 18:17 - 2014-10-12 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-12 18:16 - 2014-10-12 18:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-12 18:11 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-10-12 18:11 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-10-12 18:11 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-12 18:11 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-10-12 18:01 - 2014-10-13 08:17 - 00000000 ____D () C:\ProgramData\clear.fi
2014-10-12 17:58 - 2014-10-12 17:58 - 00000000 ____D () C:\Users\peggy\AppData\Local\EgisTec IPS
2014-10-12 17:54 - 2014-10-12 17:54 - 00001447 _____ () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-12 17:54 - 2014-10-12 17:54 - 00001413 _____ () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-12 17:51 - 2014-10-12 17:51 - 00000995 _____ () C:\Users\Public\Desktop\Kobo.lnk
2014-10-12 17:51 - 2014-10-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
2014-10-12 17:50 - 2014-10-12 17:51 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-10-12 17:50 - 2014-10-12 17:50 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-10-12 17:50 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-12 17:50 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-12 17:50 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-12 17:50 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-12 17:49 - 2014-10-12 17:53 - 00000000 ____D () C:\Users\peggy\AppData\Local\PowerCinema
2014-10-12 17:49 - 2014-10-12 17:49 - 00059968 _____ () C:\Users\peggy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-12 17:49 - 2014-10-12 17:49 - 00002078 _____ () C:\Users\Public\Desktop\Eurosport Player.lnk
2014-10-12 17:49 - 2014-10-12 17:49 - 00001736 _____ () C:\Users\Public\Desktop\Online kaufen.lnk
2014-10-12 17:49 - 2014-10-12 17:49 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\CyberLink
2014-10-12 17:49 - 2014-10-12 17:49 - 00000000 ____D () C:\Users\peggy\AppData\Local\Acer
2014-10-12 17:49 - 2014-10-12 17:49 - 00000000 ____D () C:\Program Files\Accessory Store
2014-10-12 17:49 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-12 17:49 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-12 17:49 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-12 17:49 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-12 17:49 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-12 17:49 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-12 17:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-12 17:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-12 17:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-12 17:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-12 17:48 - 2014-10-12 17:54 - 00000000 ____D () C:\Users\peggy
2014-10-12 17:48 - 2014-10-12 17:49 - 00000000 ____D () C:\Program Files\Preload
2014-10-12 17:48 - 2014-10-12 17:48 - 00000020 ___SH () C:\Users\peggy\ntuser.ini
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Vorlagen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Startmenü
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Netzwerkumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Lokale Einstellungen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Eigene Dateien
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Druckumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\AppData\Local\Verlauf
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\AppData\Local\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\peggy\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 ____D () C:\Users\peggy\AppData\Local\VirtualStore
2014-10-12 17:48 - 2014-10-12 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
2014-10-12 17:48 - 2012-05-08 15:47 - 00000000 ____D () C:\Users\peggy\AppData\Roaming\Macromedia
2014-10-12 17:48 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-12 17:48 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-11 20:59 - 2014-10-12 17:48 - 00000000 __SHD () C:\Recovery
2014-10-11 19:37 - 2014-10-12 19:00 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-10-11 19:37 - 2014-10-12 19:00 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-10-11 19:37 - 2014-10-11 19:36 - 00295922 _____ () C:\Windows\system32\perfi007.dat
2014-10-11 19:37 - 2014-10-11 19:36 - 00038104 _____ () C:\Windows\system32\perfd007.dat
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\system32\de
2014-10-11 19:36 - 2014-10-11 19:36 - 00000000 ____D () C:\Windows\system32\0407
2014-10-11 19:27 - 2014-10-11 19:27 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-10-11 10:19 - 2014-10-11 10:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
2014-10-11 10:19 - 2014-10-11 10:22 - 00000000 ____D () C:\ProgramData\CLSK
2014-10-11 10:19 - 2014-10-11 10:19 - 00003418 _____ () C:\Windows\System32\Tasks\clear.fi
2014-10-11 10:19 - 2014-10-11 10:19 - 00003366 _____ () C:\Windows\System32\Tasks\DMREngine
2014-10-11 10:19 - 2014-10-11 10:19 - 00003348 _____ () C:\Windows\System32\Tasks\clear.fiAgent
2014-10-11 10:19 - 2014-10-11 10:19 - 00002171 _____ () C:\Users\Public\Desktop\clear.fi.lnk
2014-10-11 10:19 - 2014-10-11 10:19 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-10-11 10:16 - 2014-10-11 10:25 - 00000000 ____D () C:\ProgramData\Temp
2014-10-11 10:16 - 2014-10-11 10:22 - 00015134 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-10-11 10:16 - 2014-10-11 10:22 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-11 10:15 - 2014-10-11 10:15 - 00001024 ___RH () C:\Users\Public\Documents\NTILiveUpdateV9.dll
2014-10-11 10:15 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\NTI Launcher
2014-10-11 10:15 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
2014-10-11 10:13 - 2014-10-11 10:13 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9REGET.dll
2014-10-11 10:13 - 2014-10-11 10:13 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll
2014-10-11 10:13 - 2014-10-11 10:13 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-11 10:11 - 2014-10-11 10:11 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2014-10-11 10:11 - 2014-10-11 10:11 - 00000000 ____D () C:\Windows\OEMTemp
2014-10-11 10:11 - 2014-10-11 10:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-11 10:07 - 2014-10-11 10:07 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-10-11 10:04 - 2014-10-11 10:04 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-10-11 10:04 - 2010-12-01 10:12 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll
2014-10-11 10:04 - 2010-12-01 10:12 - 00422504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsUStor.dll
2014-10-11 10:04 - 2010-12-01 10:12 - 00250984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-10-11 10:03 - 2014-10-11 10:04 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____D () C:\Program Files\Synaptics
2014-10-11 10:03 - 2014-10-11 10:03 - 00000000 ____D () C:\Program Files\Realtek
2014-10-11 10:03 - 2011-06-14 13:38 - 02899176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-10-11 10:03 - 2011-06-14 07:40 - 01483264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-10-11 10:03 - 2011-06-13 13:04 - 01560680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-10-11 10:03 - 2011-06-10 11:35 - 00603472 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-10-11 10:03 - 2011-06-07 11:09 - 02405992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-10-11 10:03 - 2011-06-03 08:11 - 01805928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-10-11 10:03 - 2011-06-02 11:03 - 00092264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-10-11 10:03 - 2011-06-02 06:22 - 00043506 _____ () C:\Windows\system32\Drivers\RtPCEE4.DAT
2014-10-11 10:03 - 2011-05-31 04:09 - 03114088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-10-11 10:03 - 2011-05-31 03:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-10-11 10:03 - 2011-05-27 11:58 - 01284712 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-10-11 10:03 - 2011-05-23 11:12 - 01245288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-10-11 10:03 - 2011-05-05 09:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-10-11 10:03 - 2011-05-05 08:15 - 00220512 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-10-11 10:03 - 2011-05-05 08:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-10-11 10:03 - 2011-05-05 08:14 - 00078176 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-10-11 10:03 - 2011-05-02 08:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-10-11 10:03 - 2011-04-18 15:24 - 00000016 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat
2014-10-11 10:03 - 2011-04-18 12:50 - 02601816 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-10-11 10:03 - 2011-04-18 12:50 - 02238296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-10-11 10:03 - 2010-11-18 05:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-10-11 10:03 - 2010-11-08 01:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-10-11 10:03 - 2010-11-03 12:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-10-11 10:03 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-10-11 10:03 - 2010-10-03 07:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-10-11 10:03 - 2010-09-27 03:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-10-11 10:03 - 2010-09-23 11:21 - 00039672 _____ () C:\Windows\system32\Drivers\RtPCEE3.DAT
2014-10-11 10:03 - 2010-07-22 10:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-10-11 10:03 - 2010-07-22 10:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-10-11 10:03 - 2010-05-06 11:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-10-11 10:03 - 2010-03-22 07:21 - 00247560 _____ () C:\Windows\system32\Drivers\RTConvEQ.dat
2014-10-11 10:03 - 2010-03-22 07:21 - 00001448 _____ () C:\Windows\system32\Drivers\RtHdatEx.dat
2014-10-11 10:03 - 2010-02-11 09:45 - 00000176 _____ () C:\Windows\system32\Drivers\RTHDAEQ1.dat
2014-10-11 10:03 - 2010-01-26 15:52 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX3.dat
2014-10-11 10:03 - 2009-11-24 03:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-10-11 10:03 - 2009-11-24 03:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-10-11 10:03 - 2009-11-24 03:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-10-11 10:03 - 2009-11-24 03:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-10-11 10:03 - 2009-11-18 12:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-10-11 10:03 - 2009-11-17 12:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-10-11 10:03 - 2008-08-21 07:43 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX2.dat
2014-10-11 10:03 - 2005-06-26 23:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX1.dat
2014-10-11 10:03 - 2005-06-26 23:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2014-10-11 09:59 - 2014-10-11 09:59 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e
2014-10-11 09:57 - 2010-11-28 22:50 - 00044672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-10-11 09:55 - 2014-10-11 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-10-11 09:55 - 2014-10-11 09:55 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-10-11 09:55 - 2014-10-11 09:55 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-10-11 09:54 - 2014-10-11 09:54 - 00000000 ____D () C:\Program Files\ATI
2014-10-11 09:53 - 2014-10-11 09:55 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-11 09:52 - 2014-10-11 09:52 - 00000184 _____ () C:\Windows\LMv4.UNI
2014-10-11 09:52 - 2014-10-11 09:52 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-10-11 09:49 - 2014-10-11 09:49 - 00000000 ___HD () C:\book
2014-10-11 09:49 - 2014-10-11 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2014-10-11 09:49 - 2014-10-11 09:49 - 00000000 ____D () C:\ProgramData\EgisTec
2014-10-11 09:47 - 2014-10-13 08:22 - 00510955 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 09:45 - 2014-10-11 09:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 08:23 - 2012-05-08 15:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-13 08:21 - 2012-05-08 15:22 - 00001832 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2014-10-13 08:16 - 2012-05-08 15:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 08:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 20:00 - 2012-05-08 15:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-12 19:00 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 18:57 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:57 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:17 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-10-12 17:55 - 2012-05-08 15:38 - 00000000 ____D () C:\ProgramData\oem
2014-10-12 17:53 - 2012-05-08 15:32 - 00000000 ___HD () C:\OEM
2014-10-12 17:48 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-12 17:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-10-12 17:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-11 19:41 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\slmgr 2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI 2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-11 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing 2014-10-11 19:36 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal 2014-10-11 19:36 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts 2014-10-11 19:36 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-10-11 19:36 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2014-10-11 19:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup 2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz 2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com 2014-10-11 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup 
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-05-08 14:35
==================== End Of Log ============================
--- --- ---
So, I'm slowly starting to fear that it's a hardware fault too. The laptop works so far now... but as soon as I press a key, nothing works anymore. With an external keyboard everything works so far. But as I said, as soon as I press any key, there's a strange noise, a kind of bupbupbup, and the laptop freaks out. What I find odd is that I then can't do anything anymore, because everything is automatically set up to shut the laptop down. I could also only cancel programs, nothing else. So that does look like a virus again after all. Because why can I only close everything? I don't really understand it. And when it gets to that point and I restart the laptop, a prompt appears telling me to start Windows 7... I can't click anything further there... further down there's also something about tools, Windows 7 memory. Then I have to switch the laptop off manually and restart it, and only then do I get to the choice of starting Windows normally or in safe mode etc. Somehow it's all strange...
So what about the reports I was supposed to post here? |
14.10.2014, 08:16 | #4 | |
/// the machine /// TB trainer | Rootkit_hidden_driver? Quote:
Logs are clean, a bit of adware, but that's not the problem. The laptop has a hardware problem.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.10.2014, 15:56 | #5 |
| Rootkit_hidden_driver? Hey, sorry... that wasn't supposed to come across the way it apparently did... Yes, so the thing is done for?! Or is there still anything that can be done about the keyboard? Or would that all be too much effort? |
15.10.2014, 09:54 | #6 |
/// the machine /// TB trainer | Rootkit_hidden_driver? Well, if you're a bit handy, I'd take out the keyboard and check the connections. Maybe order a new one right away, I don't think it costs the earth. Or else have the thing checked through properly at a shop.