Mcafee: Artemis auf dem Laptop der Tochter mit WIN 8

piepsi · 27.12.2014, 00:24

Moin zusammen!
Meine Tochter hat sich beim Versuch, itunes zu installieren, leider verseuchtesZeug heruntergeladen.
McAfee hat Artemis diagnostiziert.

Hier die Logfiles:

Code:

ATTFilter

Vdefogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:13 on 26/12/2014 (clara)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by clara (administrator) on PINKUNICORN on 26-12-2014 23:03:29
Running from C:\Users\clara\Desktop
Loaded Profile: clara (Available profiles: clara)
Platform: Windows 8.1 Connected (Update 1) (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\rcore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Users\clara\AppData\Local\ConvertAd\CASrv.exe
() C:\Users\clara\AppData\Roaming\VOPackage\VOsrv.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Time Lapse Solutions) C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
() C:\Program Files (x86)\ver2SpeedCheck\i6SpeedCheckv60.exe
() C:\Program Files (x86)\ver2SpeedCheck\SpeedCheck.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
() C:\Users\clara\AppData\Local\gmsd_de_40\upgmsd_de_40.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pokki) C:\Users\clara\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
() C:\Users\clara\AppData\Roaming\InetStat\inetstat.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUicnt.exe
() C:\Program Files (x86)\gmsd_de_40\gmsd_de_40.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
() C:\Users\clara\AppData\Local\ConvertAd\ConvertAd.exe
(Pokki) C:\Users\clara\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\clara\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\clara\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(HQ-VideoV25.12) C:\Program Files (x86)\HQPro-Video 1.6V25.12\HQPro-Video 1.6V25.12-bg.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(SUPER PC TOOLS LIMITED) C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulAlert.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-07-24] (McAfee, Inc.)
HKLM-x32\...\Run: [gmsd_de_40] => C:\Program Files (x86)\gmsd_de_40\gmsd_de_40.exe [3976872 2014-12-24] ()
HKLM-x32\...\RunOnce: [upgmsd_de_40.exe] => C:\Users\clara\AppData\Local\gmsd_de_40\upgmsd_de_40.exe [3310248 2014-12-24] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Run: [InetStat] => C:\Users\clara\AppData\Roaming\InetStat\inetstat.exe [705038 2014-12-25] ()
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676968 2014-12-23] (SUPER PC TOOLS LIMITED)
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.16\OptProLauncher.exe
Startup: C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1514695704-1104078457-1827297199-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1514695704-1104078457-1827297199-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1514695704-1104078457-1827297199-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: HQPro-Video 1.6V25.12 -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\HQPro-Video 1.6V25.12\HQPro-Video 1.6V25.12-bho64.dll (HQ-VideoV25.12)
BHO: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184_x64.dll ()
BHO-x32: HQPro-Video 1.6V25.12 -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\HQPro-Video 1.6V25.12\HQPro-Video 1.6V25.12-bho.dll (HQ-VideoV25.12)
BHO-x32: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184.dll ()
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\clara\AppData\Roaming\Mozilla\Firefox\Profiles\84o4ajrv.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-06-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-03]
FF HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Firefox\Extensions: [{4B55B3C6-B7D6-F951-65AD-4BBEB0EF1F8E}] - C:\Program Files (x86)\ver2SpeedCheck\184.xpi
FF Extension: SpeedCheck - C:\Program Files (x86)\ver2SpeedCheck\184.xpi [2014-12-25]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-07-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0179611419616676mcinstcleanup; C:\Windows\TEMP\017961~1.EXE [827456 2012-01-09] (McAfee, Inc.)
R2 9b784ed1; c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll [5079632 2014-12-25] ()
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider)
R2 cae99edb; c:\Program Files (x86)\Super Optimizer\SupOptStats.dll [5476456 2014-12-25] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-25] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-25] (globalUpdate) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [175464 2013-07-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-07-06] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-04-28] (Acer Incorporate)
R2 rcores; C:\Windows\rcore.exe [4963840 2014-12-25] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-04-28] (Acer Incorporate)
R2 serverca; C:\Users\clara\AppData\Local\ConvertAd\CASrv.exe [143360 2014-12-25] () [File not signed]
R2 servervo; C:\Users\clara\AppData\Roaming\VOPackage\VOsrv.exe [133632 2014-12-25] () [File not signed]
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
R2 UtnhMyWMJup; C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe [2726776 2014-12-25] (Time Lapse Solutions)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-07-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-07-15] (Microsoft Corporation)
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [106456 2014-12-25] (Corsica)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 22:17 - 2014-12-26 23:02 - 00031022 _____ () C:\Users\clara\Desktop\Addition.txt
2014-12-26 21:48 - 2014-12-26 23:03 - 00018648 _____ () C:\Users\clara\Desktop\FRST.txt
2014-12-26 21:42 - 2014-12-26 23:04 - 00000000 ____D () C:\FRST
2014-12-26 21:28 - 2014-12-26 21:29 - 02122752 _____ (Farbar) C:\Users\clara\Desktop\FRST64.exe
2014-12-26 21:13 - 2014-12-26 21:13 - 00000472 _____ () C:\Users\clara\Desktop\defogger_disable.log
2014-12-26 21:13 - 2014-12-26 21:13 - 00000000 _____ () C:\Users\clara\defogger_reenable
2014-12-26 21:10 - 2014-12-26 21:10 - 00050477 _____ () C:\Users\clara\Desktop\Defogger.exe
2014-12-26 20:56 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Local\ZombieInvasion
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Mozilla
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Local\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-26 19:22 - 2014-12-26 19:22 - 00001103 _____ () C:\Users\clara\Desktop\Continue Live Installation.lnk
2014-12-26 18:56 - 2014-12-26 18:56 - 00000000 ____D () C:\ProgramData\Browser
2014-12-26 18:55 - 2014-12-26 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-25 19:48 - 2014-12-25 19:48 - 00000000 ____D () C:\Users\clara\AppData\Local\AOP SDK
2014-12-25 18:21 - 2014-12-25 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-25 16:00 - 2014-12-25 16:01 - 00000000 ____D () C:\ProgramData\cDQBHoBttZ
2014-12-25 16:00 - 2014-12-25 16:00 - 00000000 ____D () C:\ProgramData\ZombieInvasion
2014-12-25 15:57 - 2014-12-25 16:15 - 00003254 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Users\clara\Documents\Super Optimizer
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Super Optimizer
2014-12-25 15:56 - 2014-12-25 15:56 - 00000000 ____D () C:\Users\clara\AppData\Local\Weather_Protector_LLC
2014-12-25 15:55 - 2014-12-25 19:25 - 00000000 ____D () C:\Users\clara\AppData\Local\StormWatch
2014-12-25 15:55 - 2014-12-25 15:55 - 00003260 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-12-25 15:55 - 2014-12-25 15:55 - 00000000 ____D () C:\Users\clara\Documents\Optimizer Pro
2014-12-25 15:55 - 2014-12-25 15:55 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Optimizer Pro
2014-12-25 15:55 - 2014-12-25 15:55 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2014-12-25 15:55 - 2014-12-25 15:55 - 00000000 ____D () C:\Users\clara\AppData\Local\ConvertAd
2014-12-25 15:54 - 2014-12-26 18:58 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-25 15:54 - 2014-12-25 15:55 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2014-12-25 15:54 - 2014-12-25 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-12-25 15:53 - 2014-12-26 18:50 - 00001925 _____ () C:\Windows\patsearch.bin
2014-12-25 15:53 - 2014-12-26 18:50 - 00000436 _____ () C:\Windows\Tasks\SpeedCheck Update.job
2014-12-25 15:53 - 2014-12-25 15:54 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.16
2014-12-25 15:53 - 2014-12-25 15:53 - 00106456 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-25 15:53 - 2014-12-25 15:53 - 00003076 _____ () C:\Windows\System32\Tasks\SpeedCheck Update
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____D () C:\Program Files (x86)\ver2SpeedCheck
2014-12-25 15:52 - 2014-12-26 21:56 - 00002470 _____ () C:\Windows\Tasks\257662b9-45e5-45c1-8746-c22cab96b03f-5_user.job
2014-12-25 15:52 - 2014-12-26 21:55 - 00002470 _____ () C:\Windows\Tasks\257662b9-45e5-45c1-8746-c22cab96b03f-5.job
2014-12-25 15:52 - 2014-12-26 21:55 - 00002134 _____ () C:\Windows\Tasks\257662b9-45e5-45c1-8746-c22cab96b03f-2.job
2014-12-25 15:52 - 2014-12-26 18:49 - 00005138 _____ () C:\Windows\System32\Tasks\257662b9-45e5-45c1-8746-c22cab96b03f-2
2014-12-25 15:52 - 2014-12-25 15:55 - 00005474 _____ () C:\Windows\System32\Tasks\257662b9-45e5-45c1-8746-c22cab96b03f-5
2014-12-25 15:51 - 2014-12-26 22:05 - 00000000 ____D () C:\Users\clara\AppData\Local\gmsd_de_40
2014-12-25 15:51 - 2014-12-26 22:00 - 00000980 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-25 15:51 - 2014-12-26 21:54 - 00003490 _____ () C:\Windows\Tasks\257662b9-45e5-45c1-8746-c22cab96b03f-1.job
2014-12-25 15:51 - 2014-12-26 18:50 - 00001360 _____ () C:\Windows\Tasks\HUDYW.job
2014-12-25 15:51 - 2014-12-26 18:50 - 00000976 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-25 15:51 - 2014-12-25 15:54 - 01990120 _____ (HQ-VideoV25.12) C:\Users\clara\AppData\Roaming\HUDYW.exe
2014-12-25 15:51 - 2014-12-25 15:54 - 00006494 _____ () C:\Windows\System32\Tasks\257662b9-45e5-45c1-8746-c22cab96b03f-1
2014-12-25 15:51 - 2014-12-25 15:54 - 00004372 _____ () C:\Windows\System32\Tasks\HUDYW
2014-12-25 15:51 - 2014-12-25 15:54 - 00003952 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-25 15:51 - 2014-12-25 15:54 - 00003716 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-25 15:51 - 2014-12-25 15:52 - 00000000 ____D () C:\Users\clara\AppData\Roaming\VOPackage
2014-12-25 15:51 - 2014-12-25 15:52 - 00000000 ____D () C:\Program Files (x86)\HQPro-Video 1.6V25.12
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\Users\clara\AppData\Local\globalUpdate
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\Program Files (x86)\Super Optimizer
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\Program Files (x86)\PepperZip
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_40
2014-12-25 15:51 - 2014-12-25 15:51 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-25 15:51 - 2014-12-25 12:44 - 04963840 _____ () C:\Windows\rcore.exe
2014-12-25 15:50 - 2014-12-25 15:50 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-12-25 15:50 - 2014-12-25 15:50 - 00000000 ____D () C:\Users\clara\AppData\Roaming\InetStat
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\Public\OEM
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\clara\Documents\clear.fi
2014-12-25 15:30 - 2014-12-25 15:30 - 00000000 ____D () C:\Users\clara\AppData\Local\MediaShow
2014-12-25 15:29 - 2014-12-25 16:10 - 00000000 ____D () C:\Users\clara\Documents\CyberLink
2014-12-25 15:29 - 2014-12-25 15:29 - 00000000 ____D () C:\Users\clara\AppData\Roaming\CyberLink
2014-12-25 15:21 - 2014-12-25 15:21 - 00000000 ____D () C:\Users\clara\AppData\Local\CyberLink
2014-12-24 23:58 - 2014-12-26 21:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1514695704-1104078457-1827297199-1001
2014-12-24 23:57 - 2014-12-26 20:21 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAD66C14-99B2-44DB-AD25-7B534EC424AC}
2014-12-24 23:57 - 2014-12-24 23:57 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-24 23:56 - 2014-12-24 21:41 - 00002298 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-24 23:56 - 2014-12-24 18:54 - 00002127 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-12-24 23:54 - 2014-12-25 19:55 - 00000000 ____D () C:\Users\clara\AppData\Local\clear.fi
2014-12-24 23:54 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\PicStream
2014-12-24 23:53 - 2014-12-24 23:53 - 00002625 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00001458 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00001280 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio-Manager.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Atheros
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Adobe
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\VirtualStore
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\OEM
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files\Accessory Store
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-12-24 23:52 - 2014-12-26 18:52 - 00000000 ____D () C:\Users\clara\AppData\Local\Pokki
2014-12-24 23:52 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\AppData\Local\Packages
2014-12-24 23:52 - 2014-12-24 23:52 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-24 23:52 - 2014-12-24 23:52 - 00000020 ___SH () C:\Users\clara\ntuser.ini
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Vorlagen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Startmenü
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Netzwerkumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Lokale Einstellungen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Eigene Dateien
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Druckumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Musik
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Bilder
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Verlauf
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Anwendungsdaten
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Anwendungsdaten
2014-12-24 23:52 - 2014-07-15 12:17 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-24 23:52 - 2014-03-18 11:00 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-24 23:51 - 2014-12-26 23:00 - 00814711 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 23:51 - 2014-12-26 21:13 - 00000000 ____D () C:\Users\clara
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-12-24 21:52 - 2014-12-26 18:51 - 00000000 __RDO () C:\Users\clara\OneDrive
2014-12-24 21:48 - 2014-12-24 21:48 - 00000000 ____D () C:\Users\clara\AppData\Local\Acer Aspire R7 Tutorial
2014-12-24 20:08 - 2014-12-24 20:08 - 00000000 ____D () C:\Users\clara\AppData\Roaming\WildTangent
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieUserList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieSiteList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-26 20:54 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-26 20:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 18:57 - 2014-07-15 11:57 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-26 18:57 - 2014-07-15 11:57 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-26 18:57 - 2014-06-03 11:33 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-26 18:57 - 2014-03-18 10:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 18:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 18:48 - 2014-03-18 10:39 - 00003476 _____ () C:\Windows\PFRO.log
2014-12-26 09:56 - 2014-06-03 11:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-25 19:54 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-25 19:48 - 2014-06-03 11:49 - 00000000 ___HD () C:\OEM
2014-12-25 19:28 - 2014-06-03 11:21 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-25 18:21 - 2013-08-22 15:46 - 00013846 _____ () C:\Windows\setupact.log
2014-12-25 16:13 - 2014-07-15 03:24 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 16:11 - 2014-07-15 03:39 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-24 23:55 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-24 23:53 - 2014-06-03 11:55 - 00000000 ____D () C:\Windows\Panther
2014-12-24 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-24 23:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-24 23:17 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-12-24 21:43 - 2014-06-03 11:21 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-24 20:09 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-24 17:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness

Some content of TEMP:
====================
C:\Users\clara\AppData\Local\Temp\COMAP.EXE
C:\Users\clara\AppData\Local\Temp\D3065033-A7E9-A772-2B8A-BEFA7C6AFE24.dll
C:\Users\clara\AppData\Local\Temp\D3065033-A7E9-A772-2B8A-BEFA7C6AFE24.exe
C:\Users\clara\AppData\Local\Temp\EFDF6877-8E55-A3B8-0364-69652FE51F4F.exe
C:\Users\clara\AppData\Local\Temp\octF2AD.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by clara at 2014-12-26 23:12:05
Running from C:\Users\clara\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3014.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION!
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
GamesDesktop 014.40 (HKLM-x32\...\gmsd_de_40_is1) (Version:  - GAMESDESKTOP)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Pokki) (Version: 0.269.5.339 - Pokki)
HQPro-Video 1.6V25.12 (HKLM-x32\...\HQPro-Video 1.6V25.12) (Version: 1.35.12.18 - HQ-VideoV25.12) <==== ATTENTION
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
InetStat (HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.397 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PepperZip 2.0 (HKLM-x32\...\PepperZip) (Version: 2.0 - PepperWare Co.Ltd.) <==== ATTENTION
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
SpeedCheck (HKLM-x32\...\04C531DB-853E-E614-F2C7-24EF6EC541F0) (Version:  - SpeedCheck-software)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
StormWatch (HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\StormWatch) (Version: 1.0.1.36 - StormWatch) <==== ATTENTION!
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.50 - Time Lapse Solutions)

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-27 00:05:13
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000027 ST500LT012-1DG142 rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\clara\AppData\Local\Temp\kglciuoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\mfevtps.exe[1792] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                                            00007ffefff1169a 4 bytes [F1, FF, FE, 7F]
.text    C:\Windows\system32\mfevtps.exe[1792] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                                            00007ffefff116a2 4 bytes [F1, FF, FE, 7F]
.text    C:\Windows\system32\mfevtps.exe[1792] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118                                                                                                               00007ffefff1181a 4 bytes [F1, FF, FE, 7F]
.text    C:\Windows\system32\mfevtps.exe[1792] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142                                                                                                               00007ffefff11832 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4240] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                  00007ffefff1169a 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4240] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                  00007ffefff116a2 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4240] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                     00007ffefff1181a 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4240] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                     00007ffefff11832 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[6340] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                                        00007ffefff1169a 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[6340] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                                        00007ffefff116a2 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[6340] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118                                                                                                           00007ffefff1181a 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[6340] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142                                                                                                           00007ffefff11832 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\vul\mcvulctr.exe[9152] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                                        00007ffefff1169a 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\vul\mcvulctr.exe[9152] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                                        00007ffefff116a2 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\vul\mcvulctr.exe[9152] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118                                                                                                           00007ffefff1181a 4 bytes [F1, FF, FE, 7F]
.text    c:\PROGRA~1\mcafee\vul\mcvulctr.exe[9152] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142                                                                                                           00007ffefff11832 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\mcafee.com\agent\McUpdate.exe[8060] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                             00007ffefff1169a 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\mcafee.com\agent\McUpdate.exe[8060] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                             00007ffefff116a2 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\mcafee.com\agent\McUpdate.exe[8060] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                00007ffefff1181a 4 bytes [F1, FF, FE, 7F]
.text    C:\Program Files\mcafee.com\agent\McUpdate.exe[8060] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                00007ffefff11832 4 bytes [F1, FF, FE, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [640:656]                                                                                                                                                                 fffff9600084bb90
Thread   C:\Windows\SysWOW64\rundll32.exe [1448:1576]                                                                                                                                                            000000007ed49ca0
Thread   C:\Windows\SysWOW64\rundll32.exe [1448:4184]                                                                                                                                                            000000007eb715e0
Thread   C:\Windows\SysWOW64\rundll32.exe [1564:1844]                                                                                                                                                            000000007f0a04d0
Thread   C:\Windows\SysWOW64\rundll32.exe [1564:4524]                                                                                                                                                            000000007efd8bf0
---- Processes - GMER 2.1 ----

Process  C:\Users\clara\AppData\Local\ConvertAd\CASrv.exe (*** suspicious ***) @ C:\Users\clara\AppData\Local\ConvertAd\CASrv.exe [1836](2014-                                                                   0000000000bc0000
Process  C:\Users\clara\AppData\Roaming\VOPackage\VOsrv.exe (*** suspicious ***) @ C:\Users\clara\AppData\Roaming\VOPackage\VOsrv.exe [1964](2014-12-25 14:52:31)                                                0000000000120000
Process  C:\Users\clara\AppData\Roaming\InetStat\inetstat.exe (*** suspicious ***) @ C:\Users\clara\AppData\Roaming\InetStat\inetstat.exe [5040](2014-12-25 14:50:37)                                            0000000000400000
Process  C:\Users\clara\AppData\Local\ConvertAd\ConvertAd.exe (*** suspicious ***) @ C:\Users\clara\AppData\Local\ConvertAd\ConvertAd.exe [3676](2014-12-25 13:42:00)                                            0000000000e20000
Library  C:\Users\clara\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\clara\AppData\Local\Pokki\Engine\HostAppService.exe [3856] (Chromium/The Chromium Authors)(2014-12-20 22:37:34)  000000006a390000
Library  C:\Users\clara\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\clara\AppData\Local\Pokki\Engine\HostAppService.exe [3856] (ICU Data DLL/The ICU Project)(2014-09-24 14:35:46)      0000000069630000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----

Ich würde mich sehr über Hilfe freuen! Es gehen dauernd Browsertabs und neue Fenster auf und komische Programme.
Vielen Dank im Voraus!

cosinus · 27.12.2014, 00:34

Zitat:

Meine Tochter hat sich beim Versuch, itunes zu installieren, leider verseuchtesZeug heruntergeladen.
McAfee hat Artemis diagnostiziert.

Log dazu? Was genau wurde angemeckert?

piepsi · 27.12.2014, 12:19

Hallo Cosinus, danke für deine Antwort!

Ich weiß leider nicht genau, wo man bei McAfee Berichte/Logs findet, ich konnte da nichts speichern.
Es wurde nur eine "Bedrohung" gefunden, Artemis!xxxxxxxxxx (Zahlen- und Buchstabenfolge) und isoliert. Ich werde mich gleich mal ranmachen und nach einem Logfile dazu suchen.

Ich weiß beim besten Willen nicht, wie man dort ein Logfile speichern oder einen Bericht exportieren kann. Ich kann die irgendwie nur abtippen...

Code:

ATTFilter

OptProSmartScan.exe    Artemis!39D279FEAEA4
OptProGuard.exe            Artemis!A5908D2F590E
OptProSchedule.exe.   Artemis!D827441E6BF3
OptProLauncher.exe.    Artemis!D9C155C51B08
setup.exe.                 Artemis!933C50469AB4
setup.exe.                 Artemis!0333BFF2A307
das letzte drei Mal.

cosinus · 27.12.2014, 15:24

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

piepsi · 27.12.2014, 17:31

Hier sind die gewünschten Logfiles.

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 27/12/2014 um 17:09:05
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 8.1 Connected  (64 bits)
# Benutzername : clara - PINKUNICORN
# Gestartet von : C:\Users\clara\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : servervo
Dienst Gelöscht : rcores
Dienst Gelöscht : SWUpdater
Dienst Gelöscht : webinstrNewH

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\ProgramData\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\StormWatch
Ordner Gelöscht : C:\Program Files (x86)\Super Optimizer
Ordner Gelöscht : C:\Program Files (x86)\HQPro-Video 1.6V25.12
Ordner Gelöscht : C:\Program Files (x86)\gmsd_de_40
Ordner Gelöscht : C:\Users\clara\AppData\Local\ConvertAd
Ordner Gelöscht : C:\Users\clara\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\clara\AppData\Local\StormWatch
Ordner Gelöscht : C:\Users\clara\AppData\Local\Weather_Protector_LLC
Ordner Gelöscht : C:\Users\clara\AppData\Local\ZombieInvasion
Ordner Gelöscht : C:\Users\clara\AppData\Local\gmsd_de_40
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\Super Optimizer
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Ordner Gelöscht : C:\Users\clara\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\clara\Documents\Super Optimizer
Datei Gelöscht : C:\Windows\rcore.exe
Datei Gelöscht : C:\Windows\System32\drivers\webinstrNewH.sys
Datei Gelöscht : C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
Datei Gelöscht : C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk

***** [ Tasks ] *****

Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : SpeedCheck Update
Task Gelöscht : 257662b9-45e5-45c1-8746-c22cab96b03f-1
Task Gelöscht : 257662b9-45e5-45c1-8746-c22cab96b03f-2
Task Gelöscht : 257662b9-45e5-45c1-8746-c22cab96b03f-5
Task Gelöscht : 257662b9-45e5-45c1-8746-c22cab96b03f-5_user

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\inetstat.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_de_40]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171162}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175562}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176662}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174462}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171162}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171162}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ef1e878-9ca2-45e9-80d7-87c4d7697150}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{802cd414-0644-46c0-a2f1-052e762a51ba}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171162}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175562}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176662}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171162}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ef1e878-9ca2-45e9-80d7-87c4d7697150}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{802cd414-0644-46c0-a2f1-052e762a51ba}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\PepperZip
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\Wnkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\HQPro-Video 1.6V25.12
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\StormWatch
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP
Schlüssel Gelöscht : HKLM\SOFTWARE\HQPro-Video 1.6V25.12
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQPro-Video 1.6V25.12
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_de_40_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [15023 octets] - [27/12/2014 17:04:54]
AdwCleaner[S0].txt - [13915 octets] - [27/12/2014 17:09:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13976 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 Connected x64
Ran by clara on 27.12.2014 at 17:15:35,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.12.2014 at 17:21:06,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by clara (administrator) on PINKUNICORN on 27-12-2014 17:22:36
Running from C:\Users\clara\Desktop
Loaded Profile: clara (Available profiles: clara)
Platform: Windows 8.1 Connected (Update 1) (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Time Lapse Solutions) C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUicnt.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\McUpdate.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-07-24] (McAfee, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184_x64.dll ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184.dll ()
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\clara\AppData\Roaming\Mozilla\Firefox\Profiles\84o4ajrv.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-06-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-03]
FF HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Firefox\Extensions: [{4B55B3C6-B7D6-F951-65AD-4BBEB0EF1F8E}] - C:\Program Files (x86)\ver2SpeedCheck\184.xpi
FF Extension: SpeedCheck - C:\Program Files (x86)\ver2SpeedCheck\184.xpi [2014-12-25]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0173021419696749mcinstcleanup; C:\Windows\TEMP\017302~1.EXE [827456 2012-01-09] (McAfee, Inc.)
S2 9b784ed1; c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll [5079632 2014-12-25] ()
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [175464 2013-07-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-07-06] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-04-28] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-04-28] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
R2 UtnhMyWMJup; C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe [2726776 2014-12-25] (Time Lapse Solutions)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-07-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-15] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
S2 serverca; C:\Users\clara\AppData\Local\ConvertAd\CASrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-07-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 17:22 - 2014-12-27 17:23 - 00014699 _____ () C:\Users\clara\Desktop\FRST.txt
2014-12-27 17:21 - 2014-12-27 17:21 - 00000624 _____ () C:\Users\clara\Desktop\JRT.txt
2014-12-27 17:15 - 2014-12-27 17:15 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 17:15 - 2014-12-27 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-27 17:13 - 2014-12-27 17:13 - 00014105 _____ () C:\Users\clara\Desktop\AdwCleaner[S0].txt
2014-12-27 17:08 - 2014-12-27 17:08 - 00015023 _____ () C:\Users\clara\Desktop\AdwCleaner[R0].txt
2014-12-27 17:04 - 2014-12-27 17:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 16:34 - 2014-12-27 16:34 - 01707646 _____ (Thisisu) C:\Users\clara\Desktop\JRT.exe
2014-12-27 16:32 - 2014-12-27 16:33 - 02173952 _____ () C:\Users\clara\Desktop\AdwCleaner_4.106.exe
2014-12-26 23:28 - 2014-12-26 23:29 - 00380416 _____ () C:\Users\clara\Downloads\Gmer-19357(1).exe
2014-12-26 23:28 - 2014-12-26 23:28 - 00380416 _____ () C:\Users\clara\Desktop\Gmer-19357.exe
2014-12-26 21:42 - 2014-12-27 17:22 - 00000000 ____D () C:\FRST
2014-12-26 21:28 - 2014-12-26 21:29 - 02122752 _____ (Farbar) C:\Users\clara\Desktop\FRST64.exe
2014-12-26 21:13 - 2014-12-26 21:13 - 00000000 _____ () C:\Users\clara\defogger_reenable
2014-12-26 21:10 - 2014-12-26 21:10 - 00050477 _____ () C:\Users\clara\Desktop\Defogger.exe
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Mozilla
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Local\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-25 19:48 - 2014-12-25 19:48 - 00000000 ____D () C:\Users\clara\AppData\Local\AOP SDK
2014-12-25 18:21 - 2014-12-25 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-25 16:00 - 2014-12-25 16:01 - 00000000 ____D () C:\ProgramData\cDQBHoBttZ
2014-12-25 15:57 - 2014-12-27 11:57 - 00003254 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2014-12-25 15:54 - 2014-12-26 18:58 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-25 15:53 - 2014-12-27 17:04 - 00001925 _____ () C:\Windows\patsearch.bin
2014-12-25 15:53 - 2014-12-25 15:54 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.16
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____D () C:\Program Files (x86)\ver2SpeedCheck
2014-12-25 15:51 - 2014-12-27 17:11 - 00001360 _____ () C:\Windows\Tasks\HUDYW.job
2014-12-25 15:51 - 2014-12-25 15:54 - 01990120 _____ (HQ-VideoV25.12) C:\Users\clara\AppData\Roaming\HUDYW.exe
2014-12-25 15:51 - 2014-12-25 15:54 - 00004372 _____ () C:\Windows\System32\Tasks\HUDYW
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\Public\OEM
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\clara\Documents\clear.fi
2014-12-25 15:30 - 2014-12-25 15:30 - 00000000 ____D () C:\Users\clara\AppData\Local\MediaShow
2014-12-25 15:29 - 2014-12-25 16:10 - 00000000 ____D () C:\Users\clara\Documents\CyberLink
2014-12-25 15:29 - 2014-12-25 15:29 - 00000000 ____D () C:\Users\clara\AppData\Roaming\CyberLink
2014-12-25 15:21 - 2014-12-25 15:21 - 00000000 ____D () C:\Users\clara\AppData\Local\CyberLink
2014-12-24 23:58 - 2014-12-27 17:22 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1514695704-1104078457-1827297199-1001
2014-12-24 23:57 - 2014-12-27 11:56 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAD66C14-99B2-44DB-AD25-7B534EC424AC}
2014-12-24 23:57 - 2014-12-24 23:57 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-24 23:56 - 2014-12-24 21:41 - 00002298 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-24 23:56 - 2014-12-24 18:54 - 00002127 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-12-24 23:54 - 2014-12-25 19:55 - 00000000 ____D () C:\Users\clara\AppData\Local\clear.fi
2014-12-24 23:54 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\PicStream
2014-12-24 23:53 - 2014-12-24 23:53 - 00001458 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00001280 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio-Manager.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Atheros
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Adobe
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\VirtualStore
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\OEM
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files\Accessory Store
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-12-24 23:52 - 2014-12-27 11:39 - 00000000 ____D () C:\Users\clara\AppData\Local\Pokki
2014-12-24 23:52 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\AppData\Local\Packages
2014-12-24 23:52 - 2014-12-24 23:52 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-24 23:52 - 2014-12-24 23:52 - 00000020 ___SH () C:\Users\clara\ntuser.ini
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Vorlagen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Startmenü
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Netzwerkumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Lokale Einstellungen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Eigene Dateien
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Druckumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Musik
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Bilder
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Verlauf
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Anwendungsdaten
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Anwendungsdaten
2014-12-24 23:52 - 2014-07-15 12:17 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-24 23:52 - 2014-03-18 11:00 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-24 23:51 - 2014-12-27 16:54 - 00835213 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 23:51 - 2014-12-26 21:13 - 00000000 ____D () C:\Users\clara
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-12-24 21:52 - 2014-12-27 17:12 - 00000000 __RDO () C:\Users\clara\OneDrive
2014-12-24 21:48 - 2014-12-24 21:48 - 00000000 ____D () C:\Users\clara\AppData\Local\Acer Aspire R7 Tutorial
2014-12-24 20:08 - 2014-12-24 20:08 - 00000000 ____D () C:\Users\clara\AppData\Roaming\WildTangent
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieUserList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieSiteList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 17:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-27 17:18 - 2014-07-15 11:57 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-27 17:18 - 2014-07-15 11:57 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-27 17:18 - 2014-03-18 10:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 17:12 - 2014-06-03 11:33 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-27 17:11 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 17:10 - 2014-03-18 10:39 - 00006036 _____ () C:\Windows\PFRO.log
2014-12-27 17:10 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-27 16:54 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-26 20:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:56 - 2014-06-03 11:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-25 19:54 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-25 19:48 - 2014-06-03 11:49 - 00000000 ___HD () C:\OEM
2014-12-25 19:28 - 2014-06-03 11:21 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-25 18:21 - 2013-08-22 15:46 - 00013846 _____ () C:\Windows\setupact.log
2014-12-25 16:13 - 2014-07-15 03:24 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 16:11 - 2014-07-15 03:39 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-24 23:55 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-24 23:53 - 2014-06-03 11:55 - 00000000 ____D () C:\Windows\Panther
2014-12-24 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-24 23:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-24 23:17 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-12-24 21:43 - 2014-06-03 11:21 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-24 20:09 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-24 17:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness

Some content of TEMP:
====================
C:\Users\clara\AppData\Local\Temp\COMAP.EXE
C:\Users\clara\AppData\Local\Temp\D3065033-A7E9-A772-2B8A-BEFA7C6AFE24.dll
C:\Users\clara\AppData\Local\Temp\D3065033-A7E9-A772-2B8A-BEFA7C6AFE24.exe
C:\Users\clara\AppData\Local\Temp\EFDF6877-8E55-A3B8-0364-69652FE51F4F.exe
C:\Users\clara\AppData\Local\Temp\octF2AD.tmp.exe
C:\Users\clara\AppData\Local\Temp\Quarantine.exe
C:\Users\clara\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-03 10:56

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by clara at 2014-12-27 17:24:15
Running from C:\Users\clara\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3014.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.397 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
SpeedCheck (HKLM-x32\...\04C531DB-853E-E614-F2C7-24EF6EC541F0) (Version:  - SpeedCheck-software)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.50 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1514695704-1104078457-1827297199-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {292D4EFF-E106-4F0E-A418-D58E2BB731A0} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {3D5653C2-1B80-42DE-AA14-B24626ADC50F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {697086CD-3D09-46B2-B64E-51BC91B83B7A} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-01-16] (Acer Incorporated)
Task: {6A26883B-7050-4BA7-80BF-C6A8BABEFD81} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {8C14F12C-BF54-41D0-9EBD-F33C47A05DEE} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {B05D941D-0A08-417F-A47B-F7F83F172614} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {CC7F9851-8D43-4347-9A22-7D89054DB197} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
Task: {E34E17E7-E73B-48B3-B507-12289CE275D4} - System32\Tasks\HUDYW => C:\Users\clara\AppData\Roaming\HUDYW.exe [2014-12-25] (HQ-VideoV25.12) <==== ATTENTION
Task: {F0B132C0-EA59-48BD-A605-E08B4F2CDDDE} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {F3F16715-3647-4C65-BB08-FAB891513F9E} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {F6CAFC0C-D2C7-4489-890D-3A5038A4C6DC} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: C:\Windows\Tasks\HUDYW.job => C:\Users\clara\AppData\Roaming\HUDYW.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-07-15 03:29 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-06-03 11:52 - 2014-03-07 17:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-02-25 21:14 - 2014-02-25 21:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 21:11 - 2014-02-25 21:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 21:17 - 2014-02-25 21:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\clara\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1514695704-1104078457-1827297199-500 - Administrator - Disabled)
clara (S-1-5-21-1514695704-1104078457-1827297199-1001 - Administrator - Enabled) => C:\Users\clara
Gast (S-1-5-21-1514695704-1104078457-1827297199-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Percentage of memory in use: 61%
Total physical RAM: 1931.2 MB
Available physical RAM: 743 MB
Total Pagefile: 3083.2 MB
Available Pagefile: 1738.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.93 GB) (Free:423.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BB75FA2F)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus · 27.12.2014, 22:41

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184_x64.dll ()
BHO-x32: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184.dll ()
S2 9b784ed1; c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll [5079632 2014-12-25] ()
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
S2 serverca; C:\Users\clara\AppData\Local\ConvertAd\CASrv.exe [X]
Task: {E34E17E7-E73B-48B3-B507-12289CE275D4} - System32\Tasks\HUDYW => C:\Users\clara\AppData\Roaming\HUDYW.exe [2014-12-25] (HQ-VideoV25.12) <==== ATTENTION
Task: C:\Windows\Tasks\HUDYW.job => C:\Users\clara\AppData\Roaming\HUDYW.exe <==== ATTENTION
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

piepsi · 28.12.2014, 14:24

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by clara at 2014-12-28 14:10:57 Run:1
Running from C:\Users\clara\Desktop
Loaded Profile: clara (Available profiles: clara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184_x64.dll ()
BHO-x32: SpeedCheck -> {ACE0A21D-5909-76E7-3EE8-9B3BA84F5365} -> C:\Program Files (x86)\ver2SpeedCheck\184.dll ()
S2 9b784ed1; c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll [5079632 2014-12-25] ()
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
S2 serverca; C:\Users\clara\AppData\Local\ConvertAd\CASrv.exe [X]
Task: {E34E17E7-E73B-48B3-B507-12289CE275D4} - System32\Tasks\HUDYW => C:\Users\clara\AppData\Roaming\HUDYW.exe [2014-12-25] (HQ-VideoV25.12) <==== ATTENTION
Task: C:\Windows\Tasks\HUDYW.job => C:\Users\clara\AppData\Roaming\HUDYW.exe <==== ATTENTION
EmptyTemp:
Hosts:
         
*****************

HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Super Optimizer => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACE0A21D-5909-76E7-3EE8-9B3BA84F5365}" => Key deleted successfully.
"HKCR\CLSID\{ACE0A21D-5909-76E7-3EE8-9B3BA84F5365}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACE0A21D-5909-76E7-3EE8-9B3BA84F5365}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ACE0A21D-5909-76E7-3EE8-9B3BA84F5365}" => Key deleted successfully.
9b784ed1 => Service deleted successfully.
cae99edb => Service deleted successfully.
serverca => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E34E17E7-E73B-48B3-B507-12289CE275D4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34E17E7-E73B-48B3-B507-12289CE275D4}" => Key deleted successfully.
C:\Windows\System32\Tasks\HUDYW => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HUDYW" => Key deleted successfully.
C:\Windows\Tasks\HUDYW.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.6 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:16:04 ====

cosinus · 29.12.2014, 00:10

Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

piepsi · 29.12.2014, 12:15

Hupsi, das habe ich gestern Abend doch glatt vergessen.
Hier die beiden Logs:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by clara (administrator) on PINKUNICORN on 29-12-2014 12:09:38
Running from C:\Users\clara\Desktop
Loaded Profile: clara (Available profiles: clara)
Platform: Windows 8.1 Connected (Update 1) (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Time Lapse Solutions) C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-07-24] (McAfee, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\clara\AppData\Roaming\Mozilla\Firefox\Profiles\84o4ajrv.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-06-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-03]
FF HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Firefox\Extensions: [{4B55B3C6-B7D6-F951-65AD-4BBEB0EF1F8E}] - C:\Program Files (x86)\ver2SpeedCheck\184.xpi
FF Extension: SpeedCheck - C:\Program Files (x86)\ver2SpeedCheck\184.xpi [2014-12-25]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [175464 2013-07-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-07-06] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-04-28] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-04-28] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
R2 UtnhMyWMJup; C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe [2726776 2014-12-25] (Time Lapse Solutions)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-07-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-07-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:09 - 2014-12-29 12:10 - 00013766 _____ () C:\Users\clara\Desktop\FRST.txt
2014-12-29 12:09 - 2014-12-29 12:09 - 00000000 ____D () C:\Users\clara\Desktop\FRST-OlderVersion
2014-12-29 01:21 - 2014-12-29 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-27 17:26 - 2014-12-29 09:10 - 00000000 ____D () C:\Users\clara\AppData\Local\ZombieInvasion
2014-12-27 17:15 - 2014-12-27 17:15 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 17:04 - 2014-12-27 17:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 16:34 - 2014-12-27 16:34 - 01707646 _____ (Thisisu) C:\Users\clara\Desktop\JRT.exe
2014-12-27 16:32 - 2014-12-27 16:33 - 02173952 _____ () C:\Users\clara\Desktop\AdwCleaner_4.106.exe
2014-12-26 23:28 - 2014-12-26 23:29 - 00380416 _____ () C:\Users\clara\Downloads\Gmer-19357(1).exe
2014-12-26 23:28 - 2014-12-26 23:28 - 00380416 _____ () C:\Users\clara\Desktop\Gmer-19357.exe
2014-12-26 21:42 - 2014-12-29 12:09 - 00000000 ____D () C:\FRST
2014-12-26 21:28 - 2014-12-29 12:09 - 02123264 _____ (Farbar) C:\Users\clara\Desktop\FRST64.exe
2014-12-26 21:13 - 2014-12-26 21:13 - 00000000 _____ () C:\Users\clara\defogger_reenable
2014-12-26 21:10 - 2014-12-26 21:10 - 00050477 _____ () C:\Users\clara\Desktop\Defogger.exe
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Mozilla
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Local\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-25 19:48 - 2014-12-25 19:48 - 00000000 ____D () C:\Users\clara\AppData\Local\AOP SDK
2014-12-25 18:21 - 2014-12-25 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-25 16:00 - 2014-12-25 16:01 - 00000000 ____D () C:\ProgramData\cDQBHoBttZ
2014-12-25 15:57 - 2014-12-27 11:57 - 00003254 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2014-12-25 15:54 - 2014-12-26 18:58 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-25 15:53 - 2014-12-27 17:04 - 00001925 _____ () C:\Windows\patsearch.bin
2014-12-25 15:53 - 2014-12-25 15:54 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.16
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____D () C:\Program Files (x86)\ver2SpeedCheck
2014-12-25 15:51 - 2014-12-25 15:54 - 01990120 _____ (HQ-VideoV25.12) C:\Users\clara\AppData\Roaming\HUDYW.exe
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\Public\OEM
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\clara\Documents\clear.fi
2014-12-25 15:30 - 2014-12-25 15:30 - 00000000 ____D () C:\Users\clara\AppData\Local\MediaShow
2014-12-25 15:29 - 2014-12-25 16:10 - 00000000 ____D () C:\Users\clara\Documents\CyberLink
2014-12-25 15:29 - 2014-12-25 15:29 - 00000000 ____D () C:\Users\clara\AppData\Roaming\CyberLink
2014-12-25 15:21 - 2014-12-25 15:21 - 00000000 ____D () C:\Users\clara\AppData\Local\CyberLink
2014-12-24 23:58 - 2014-12-29 01:26 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1514695704-1104078457-1827297199-1001
2014-12-24 23:57 - 2014-12-28 14:05 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAD66C14-99B2-44DB-AD25-7B534EC424AC}
2014-12-24 23:57 - 2014-12-24 23:57 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-24 23:56 - 2014-12-24 21:41 - 00002298 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-24 23:56 - 2014-12-24 18:54 - 00002127 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-12-24 23:54 - 2014-12-25 19:55 - 00000000 ____D () C:\Users\clara\AppData\Local\clear.fi
2014-12-24 23:54 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\PicStream
2014-12-24 23:53 - 2014-12-24 23:53 - 00001458 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00001280 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio-Manager.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Atheros
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Adobe
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\VirtualStore
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\OEM
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files\Accessory Store
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-12-24 23:52 - 2014-12-27 11:39 - 00000000 ____D () C:\Users\clara\AppData\Local\Pokki
2014-12-24 23:52 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\AppData\Local\Packages
2014-12-24 23:52 - 2014-12-24 23:52 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-24 23:52 - 2014-12-24 23:52 - 00000020 ___SH () C:\Users\clara\ntuser.ini
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Vorlagen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Startmenü
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Netzwerkumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Lokale Einstellungen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Eigene Dateien
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Druckumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Musik
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Bilder
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Verlauf
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Anwendungsdaten
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Anwendungsdaten
2014-12-24 23:52 - 2014-07-15 12:17 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-24 23:52 - 2014-03-18 11:00 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-24 23:51 - 2014-12-29 12:08 - 01478625 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 23:51 - 2014-12-26 21:13 - 00000000 ____D () C:\Users\clara
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-12-24 21:52 - 2014-12-29 12:09 - 00000000 __RDO () C:\Users\clara\OneDrive
2014-12-24 21:48 - 2014-12-24 21:48 - 00000000 ____D () C:\Users\clara\AppData\Local\Acer Aspire R7 Tutorial
2014-12-24 20:08 - 2014-12-24 20:08 - 00000000 ____D () C:\Users\clara\AppData\Roaming\WildTangent
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieUserList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieSiteList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 09:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-28 14:25 - 2014-07-15 11:57 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-28 14:25 - 2014-07-15 11:57 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-28 14:25 - 2014-03-18 10:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 14:19 - 2014-03-18 10:39 - 00007158 _____ () C:\Windows\PFRO.log
2014-12-28 14:19 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 14:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-28 14:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-28 14:18 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-27 17:12 - 2014-06-03 11:33 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-26 20:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:56 - 2014-06-03 11:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-25 19:54 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-25 19:48 - 2014-06-03 11:49 - 00000000 ___HD () C:\OEM
2014-12-25 19:28 - 2014-06-03 11:21 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-25 18:21 - 2013-08-22 15:46 - 00013846 _____ () C:\Windows\setupact.log
2014-12-25 16:13 - 2014-07-15 03:24 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 16:11 - 2014-07-15 03:39 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-24 23:53 - 2014-06-03 11:55 - 00000000 ____D () C:\Windows\Panther
2014-12-24 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-24 23:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-24 23:17 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-12-24 21:43 - 2014-06-03 11:21 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-24 20:09 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-24 17:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-03 10:56

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by clara at 2014-12-29 12:11:38
Running from C:\Users\clara\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3014.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.397 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
SpeedCheck (HKLM-x32\...\04C531DB-853E-E614-F2C7-24EF6EC541F0) (Version:  - SpeedCheck-software)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.50 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1514695704-1104078457-1827297199-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-28 14:11 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {292D4EFF-E106-4F0E-A418-D58E2BB731A0} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {3D5653C2-1B80-42DE-AA14-B24626ADC50F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {697086CD-3D09-46B2-B64E-51BC91B83B7A} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-01-16] (Acer Incorporated)
Task: {6A26883B-7050-4BA7-80BF-C6A8BABEFD81} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {8C14F12C-BF54-41D0-9EBD-F33C47A05DEE} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {B05D941D-0A08-417F-A47B-F7F83F172614} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {CC7F9851-8D43-4347-9A22-7D89054DB197} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
Task: {F0B132C0-EA59-48BD-A605-E08B4F2CDDDE} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {F3F16715-3647-4C65-BB08-FAB891513F9E} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {F6CAFC0C-D2C7-4489-890D-3A5038A4C6DC} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)

==================== Loaded Modules (whitelisted) =============

2014-07-15 03:29 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-25 21:14 - 2014-02-25 21:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 21:11 - 2014-02-25 21:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 21:17 - 2014-02-25 21:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-07-15 02:52 - 2013-10-01 10:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-06-03 11:52 - 2014-03-07 17:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\clara\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1514695704-1104078457-1827297199-500 - Administrator - Disabled)
clara (S-1-5-21-1514695704-1104078457-1827297199-1001 - Administrator - Enabled) => C:\Users\clara
Gast (S-1-5-21-1514695704-1104078457-1827297199-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 00:08:06 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (12/28/2014 02:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 3.8.120.0, Zeitstempel: 0x522e3a98
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000033a72
ID des fehlerhaften Prozesses: 0x7f8
Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0
Pfad der fehlerhaften Anwendung: McSvHost.exe1
Pfad des fehlerhaften Moduls: McSvHost.exe2
Berichtskennung: McSvHost.exe3
Vollständiger Name des fehlerhaften Pakets: McSvHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McSvHost.exe5

Error: (12/28/2014 06:18:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (12/29/2014 00:07:16 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/29/2014 10:02:46 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/29/2014 10:02:45 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/29/2014 10:02:42 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/29/2014 10:02:40 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/28/2014 02:18:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/28/2014 02:18:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Anti-Spam Service erreicht.

Error: (12/28/2014 02:18:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/28/2014 02:18:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Proxy Service erreicht.

Error: (12/28/2014 02:18:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (12/29/2014 00:08:06 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (12/28/2014 02:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.120.0522e3a98ntdll.dll6.3.9600.17031530895afc00000050000000000033a727f801d021efcd7a00deC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Windows\SYSTEM32\ntdll.dll78258a25-8e93-11e4-8262-f8a963d99a6c

Error: (12/28/2014 06:18:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Percentage of memory in use: 54%
Total physical RAM: 1931.2 MB
Available physical RAM: 885.9 MB
Total Pagefile: 3083.2 MB
Available Pagefile: 1511.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.93 GB) (Free:422.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BB75FA2F)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus · 29.12.2014, 18:30

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

piepsi · 29.12.2014, 21:08

Huhu Cosinus, hier die beiden Logs:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.12.2014
Suchlauf-Zeit: 18:44:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.29.06
Rootkit Datenbank: v2014.12.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: clara

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 323612
Verstrichene Zeit: 31 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.ZombieInvasion.A, C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe, 1300, Löschen bei Neustart, [e8b2c8a01666c96ddb55eada827f6799]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 7
PUP.Optional.ZombieInvasion.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UtnhMyWMJup, In Quarantäne, [e8b2c8a01666c96ddb55eada827f6799], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPro-Video 1.6V25.12, In Quarantäne, [7f1b88e088f4dd59972e78ee946fc937], 
PUP.Optional.SpeedCheck.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C33D4E60-E1C5-033A-C8F1-64C5CC10DEE8}, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{41F6B857-4B38-6055-C1B1-39C5183CF1AE}, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{41F6B857-4B38-6055-C1B1-39C5183CF1AE}, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C33D4E60-E1C5-033A-C8F1-64C5CC10DEE8}, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\04C531DB-853E-E614-F2C7-24EF6EC541F0, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 3
PUP.Optional.ZombieInvasion.A, C:\Users\clara\AppData\Local\ZombieInvasion, In Quarantäne, [fd9d7bed3448d75fcd2887c51ae9e719], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\x64, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 

Dateien: 20
PUP.Optional.ZombieInvasion.A, C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe, Löschen bei Neustart, [e8b2c8a01666c96ddb55eada827f6799], 
PUP.Optional.ZombieInvasion.A, C:\ProgramData\cDQBHoBttZ\dat\eOiahLV.exe, Löschen bei Neustart, [d4c6a4c486f6e452a48c0eb6e918be42], 
PUP.Optional.ZombieInvasion.A, C:\ProgramData\cDQBHoBttZ\dat\PigiNvTVzlj.exe, Löschen bei Neustart, [8d0d3434205c023460d01ea6a25f6a96], 
PUP.Optional.CrossRider.A, C:\Users\clara\AppData\Roaming\HUDYW.exe, In Quarantäne, [6d2d1454324ab1854ddf3c791de84cb4], 
PUP.Optional.WebInstrNew.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNewH_01009.Wdf, In Quarantäne, [6832dd8b90ecc86ebe776af4ee158080], 
PUP.Optional.ZombieInvasion.A, C:\Users\clara\AppData\Local\ZombieInvasion\data2.dat, In Quarantäne, [fd9d7bed3448d75fcd2887c51ae9e719], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\184.crx, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\184.dat, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\184.dll, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\184.xpi, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\184_x64.dll, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\i6SpeedCheckv60.dll, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\i6SpeedCheckv60.exe, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\SpeedCheck.exe, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\sqlite3.dll, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\Uninstall.exe, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\x64\TandemRunner.exe, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\x64\WdfCoInstaller01009.dll, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\x64\webinstr.inf, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver2SpeedCheck\x64\webinstrNewH.sys, In Quarantäne, [fb9f2d3b3d3fd561ffab49077192768a], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=53b6dde09e4b3746a1b75d96580b9803
# engine=21746
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-29 07:47:56
# local_time=2014-12-29 08:47:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 7390 106268692 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 14459442 24699244 0 0
# scanned=51859
# found=21
# cleaned=0
# scan_time=991
sh=9A29621DAC829144D9648B534CB5A0B24C21AA76 ft=1 fh=e533b0cb5e03e94e vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_40\gamesdesktop_widget.exe.vir"
sh=84FF48621208C926E8FCC3DAD23B33A0504CEE6B ft=1 fh=f88e52f2d1553095 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_40\gmsd_de_40.exe.vir"
sh=ABC74FC0E2C9926AD2BDC8F253CF9BFE7634337B ft=1 fh=a5b228525a72745c vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\257662b9-45e5-45c1-8746-c22cab96b03f-2.exe.vir"
sh=F4306F0DC8F0A9E285BC578A3EA676AC8078A74A ft=1 fh=f8b6630c8b034593 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\257662b9-45e5-45c1-8746-c22cab96b03f-5.exe.vir"
sh=CF4EDC859CF53ACCFC041DA2DCE75DF7AB50D05C ft=1 fh=f06d588d78b33649 vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\HQPro-Video 1.6V25.12-bg.exe.vir"
sh=E5BE30FCE1C7A142E43D1375DF72E1982B950C42 ft=1 fh=c99e79ec5ad960f2 vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\HQPro-Video 1.6V25.12-bho.dll.vir"
sh=95AC3217D56009671F3FA61B4C93C0E84E5DEB1B ft=1 fh=b021642527a208c4 vn="Variante von Win64/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\HQPro-Video 1.6V25.12-bho64.dll.vir"
sh=6D4C083F1DF2CE16E4E9C1284BD9F6F0AF693244 ft=1 fh=827a0e2471614d2a vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\HQPro-Video 1.6V25.12-codedownloader.exe.vir"
sh=094325942AE2CBCABE368B849E11218D9FF977A0 ft=1 fh=d5057df6fe52dba6 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\Uninstall.exe.vir"
sh=08DBD4916BC490C40D8F195C465EA7689EE1F423 ft=1 fh=b68e2a02e9333dfb vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQPro-Video 1.6V25.12\utils.exe.vir"
sh=FC3A455F0FB2672BC95CB6935C777FC86FD76978 ft=1 fh=0b3b4934b4c0b40c vn="Variante von Win32/Verti.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\StormWatch\StormWatchApp.exe.vir"
sh=1AB0980D6216415031DFBDF8E56ECD479BE5F777 ft=1 fh=05efd1e59785f63e vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SuperOptimizer.exe.vir"
sh=10F18DE8B9AD7C7AC9EA32E9827044DEF0B28ECA ft=1 fh=5a1ff9e78156c197 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe.vir"
sh=C115266B0C7A676829C24F39D20F318DEF49CB0B ft=1 fh=2ebe1483bccc99eb vn="Variante von Win32/Adware.MultiPlug.DX Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptStats.dll.vir"
sh=EDB6E1477166B32FE95301005E15A4EEB8BCF137 ft=1 fh=d29cf5027c7fc6c4 vn="Variante von MSIL/Adware.PullUpdate.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=C7BE330F0743652C69C7A35BC02359864360B3D3 ft=1 fh=6c649a255e4ff0ed vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\clara\AppData\Local\gmsd_de_40\upgmsd_de_40.exe.vir"
sh=7CF39BFD4EF811C8A77D142D86D246E07A0D7EC9 ft=1 fh=a76414b4498f1245 vn="Variante von Win32/Agent.WGA Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\rcore.exe.vir"
sh=25BF1DFA50FFBDF257C329E552F1364AE03A1114 ft=1 fh=aab52fd58d33a0a0 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\Program Files (x86)\Optimizer Pro 3.16\OptimizerPro.exe"
sh=3A84B84CFE06C1B56EAF42D6496F6C47D08236BC ft=1 fh=2dd01d348029c59a vn="Variante von Win32/Adware.MultiPlug.DX Anwendung" ac=I fn="C:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll"
sh=834026FD3DA8BE2ECFF157D6EAD5F8C19F7DAFFB ft=1 fh=12533f92b1b45599 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\cDQBHoBttZ\dat\OpRAuzI.dll"
sh=23D536B1E3332F2C8DB7A1B69E2E4C223556D074 ft=1 fh=8d7eda0b728f2714 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\cDQBHoBttZ\dat\XbZVboCHK.dll"

ZOMBIE-INVASION ?!??

cosinus · 29.12.2014, 21:23

Werbekacke halt

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Program Files (x86)\Optimizer Pro 3.16
C:\ProgramData\cDQBHoBttZ
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

piepsi · 29.12.2014, 21:57

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by clara (administrator) on PINKUNICORN on 29-12-2014 12:09:38
Running from C:\Users\clara\Desktop
Loaded Profile: clara (Available profiles: clara)
Platform: Windows 8.1 Connected (Update 1) (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Time Lapse Solutions) C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-07-24] (McAfee, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\clara\AppData\Roaming\Mozilla\Firefox\Profiles\84o4ajrv.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-06-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-03]
FF HKU\S-1-5-21-1514695704-1104078457-1827297199-1001\...\Firefox\Extensions: [{4B55B3C6-B7D6-F951-65AD-4BBEB0EF1F8E}] - C:\Program Files (x86)\ver2SpeedCheck\184.xpi
FF Extension: SpeedCheck - C:\Program Files (x86)\ver2SpeedCheck\184.xpi [2014-12-25]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [175464 2013-07-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-07-06] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-04-28] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-04-28] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
R2 UtnhMyWMJup; C:\ProgramData\cDQBHoBttZ\UtnhMyWMJup.exe [2726776 2014-12-25] (Time Lapse Solutions)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-07-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-07-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:09 - 2014-12-29 12:10 - 00013766 _____ () C:\Users\clara\Desktop\FRST.txt
2014-12-29 12:09 - 2014-12-29 12:09 - 00000000 ____D () C:\Users\clara\Desktop\FRST-OlderVersion
2014-12-29 01:21 - 2014-12-29 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-27 17:26 - 2014-12-29 09:10 - 00000000 ____D () C:\Users\clara\AppData\Local\ZombieInvasion
2014-12-27 17:15 - 2014-12-27 17:15 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 17:04 - 2014-12-27 17:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 16:34 - 2014-12-27 16:34 - 01707646 _____ (Thisisu) C:\Users\clara\Desktop\JRT.exe
2014-12-27 16:32 - 2014-12-27 16:33 - 02173952 _____ () C:\Users\clara\Desktop\AdwCleaner_4.106.exe
2014-12-26 23:28 - 2014-12-26 23:29 - 00380416 _____ () C:\Users\clara\Downloads\Gmer-19357(1).exe
2014-12-26 23:28 - 2014-12-26 23:28 - 00380416 _____ () C:\Users\clara\Desktop\Gmer-19357.exe
2014-12-26 21:42 - 2014-12-29 12:09 - 00000000 ____D () C:\FRST
2014-12-26 21:28 - 2014-12-29 12:09 - 02123264 _____ (Farbar) C:\Users\clara\Desktop\FRST64.exe
2014-12-26 21:13 - 2014-12-26 21:13 - 00000000 _____ () C:\Users\clara\defogger_reenable
2014-12-26 21:10 - 2014-12-26 21:10 - 00050477 _____ () C:\Users\clara\Desktop\Defogger.exe
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Mozilla
2014-12-26 20:55 - 2014-12-26 20:56 - 00000000 ____D () C:\Users\clara\AppData\Local\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-26 20:55 - 2014-12-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-25 19:48 - 2014-12-25 19:48 - 00000000 ____D () C:\Users\clara\AppData\Local\AOP SDK
2014-12-25 18:21 - 2014-12-25 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-25 16:00 - 2014-12-25 16:01 - 00000000 ____D () C:\ProgramData\cDQBHoBttZ
2014-12-25 15:57 - 2014-12-27 11:57 - 00003254 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2014-12-25 15:54 - 2014-12-26 18:58 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-25 15:53 - 2014-12-27 17:04 - 00001925 _____ () C:\Windows\patsearch.bin
2014-12-25 15:53 - 2014-12-25 15:54 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.16
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-25 15:53 - 2014-12-25 15:53 - 00000000 ____D () C:\Program Files (x86)\ver2SpeedCheck
2014-12-25 15:51 - 2014-12-25 15:54 - 01990120 _____ (HQ-VideoV25.12) C:\Users\clara\AppData\Roaming\HUDYW.exe
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\Public\OEM
2014-12-25 15:33 - 2014-12-25 15:33 - 00000000 ____D () C:\Users\clara\Documents\clear.fi
2014-12-25 15:30 - 2014-12-25 15:30 - 00000000 ____D () C:\Users\clara\AppData\Local\MediaShow
2014-12-25 15:29 - 2014-12-25 16:10 - 00000000 ____D () C:\Users\clara\Documents\CyberLink
2014-12-25 15:29 - 2014-12-25 15:29 - 00000000 ____D () C:\Users\clara\AppData\Roaming\CyberLink
2014-12-25 15:21 - 2014-12-25 15:21 - 00000000 ____D () C:\Users\clara\AppData\Local\CyberLink
2014-12-24 23:58 - 2014-12-29 01:26 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1514695704-1104078457-1827297199-1001
2014-12-24 23:57 - 2014-12-28 14:05 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAD66C14-99B2-44DB-AD25-7B534EC424AC}
2014-12-24 23:57 - 2014-12-24 23:57 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-24 23:56 - 2014-12-24 21:41 - 00002298 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-24 23:56 - 2014-12-24 18:54 - 00002127 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-12-24 23:54 - 2014-12-25 19:55 - 00000000 ____D () C:\Users\clara\AppData\Local\clear.fi
2014-12-24 23:54 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\PicStream
2014-12-24 23:53 - 2014-12-24 23:53 - 00001458 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00001280 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio-Manager.lnk
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Atheros
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Adobe
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\VirtualStore
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Users\clara\AppData\Local\OEM
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files\Accessory Store
2014-12-24 23:53 - 2014-12-24 23:53 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-12-24 23:52 - 2014-12-27 11:39 - 00000000 ____D () C:\Users\clara\AppData\Local\Pokki
2014-12-24 23:52 - 2014-12-24 23:54 - 00000000 ____D () C:\Users\clara\AppData\Local\Packages
2014-12-24 23:52 - 2014-12-24 23:52 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-24 23:52 - 2014-12-24 23:52 - 00000020 ___SH () C:\Users\clara\ntuser.ini
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Vorlagen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Startmenü
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Netzwerkumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Lokale Einstellungen
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Eigene Dateien
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Druckumgebung
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Musik
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Documents\Eigene Bilder
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Verlauf
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\AppData\Local\Anwendungsdaten
2014-12-24 23:52 - 2014-12-24 23:52 - 00000000 _SHDL () C:\Users\clara\Anwendungsdaten
2014-12-24 23:52 - 2014-07-15 12:17 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-24 23:52 - 2014-03-18 11:00 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-24 23:52 - 2014-03-18 10:49 - 00000369 _____ () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-24 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-24 23:51 - 2014-12-29 12:08 - 01478625 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 23:51 - 2014-12-26 21:13 - 00000000 ____D () C:\Users\clara
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-24 23:17 - 2014-12-24 23:17 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-12-24 21:52 - 2014-12-29 12:09 - 00000000 __RDO () C:\Users\clara\OneDrive
2014-12-24 21:48 - 2014-12-24 21:48 - 00000000 ____D () C:\Users\clara\AppData\Local\Acer Aspire R7 Tutorial
2014-12-24 20:08 - 2014-12-24 20:08 - 00000000 ____D () C:\Users\clara\AppData\Roaming\WildTangent
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieUserList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 __SHD () C:\Users\clara\AppData\Local\EmieSiteList
2014-12-24 18:52 - 2014-12-24 18:52 - 00000000 ____D () C:\Users\clara\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 09:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-28 14:25 - 2014-07-15 11:57 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-28 14:25 - 2014-07-15 11:57 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-28 14:25 - 2014-03-18 10:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 14:19 - 2014-03-18 10:39 - 00007158 _____ () C:\Windows\PFRO.log
2014-12-28 14:19 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 14:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-28 14:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-28 14:18 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-27 17:12 - 2014-06-03 11:33 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-26 20:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:56 - 2014-06-03 11:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-25 19:54 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-25 19:48 - 2014-06-03 11:49 - 00000000 ___HD () C:\OEM
2014-12-25 19:28 - 2014-06-03 11:21 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-25 18:21 - 2013-08-22 15:46 - 00013846 _____ () C:\Windows\setupact.log
2014-12-25 16:13 - 2014-07-15 03:24 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 16:11 - 2014-07-15 03:39 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-24 23:53 - 2014-06-03 11:55 - 00000000 ____D () C:\Windows\Panther
2014-12-24 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-24 23:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-24 23:17 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-12-24 21:43 - 2014-06-03 11:21 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-24 20:09 - 2014-06-03 11:21 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-24 17:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-03 10:56

==================== End Of Log ============================

--- --- ---

cosinus · 29.12.2014, 22:03

Das ist kein Fixlog

piepsi · 29.12.2014, 22:06

[CODE]Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by clara at 2014-12-29 21:42:19 Run:2
Running from C:\Users\clara\Desktop
Loaded Profile: clara (Available profiles: clara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Optimizer Pro 3.16
Oh. Äh. Ja.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by clara at 2014-12-29 21:42:19 Run:2
Running from C:\Users\clara\Desktop
Loaded Profile: clara (Available profiles: clara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Optimizer Pro 3.16
C:\ProgramData\cDQBHoBttZ
EmptyTemp:
Hosts:
*****************

C:\Program Files (x86)\Optimizer Pro 3.16 => Moved successfully.
C:\ProgramData\cDQBHoBttZ => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 240.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:43:58 ====

Sorry.

29.12.2014, 00:10	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mcafee: Artemis auf dem Laptop der Tochter mit WIN 8 Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken __________________ Logfiles bitte immer in CODE-Tags posten

29.12.2014, 22:03	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mcafee: Artemis auf dem Laptop der Tochter mit WIN 8 Das ist kein Fixlog __________________ Logfiles bitte immer in CODE-Tags posten

Mcafee: Artemis auf dem Laptop der Tochter mit WIN 8

Log-Analyse und Auswertung: Mcafee: Artemis auf dem Laptop der Tochter mit WIN 8