Log analysis and evaluation: Win 8.1: Crossbrowse, masses of ads, blocked by group policy
10.04.2015, 15:35 | #1 |
Win 8.1: Crossbrowse, masses of ads, blocked by group policy

Hello everyone, since yesterday I have had a laptop here that reached me with the words: "Ads, no browser left or installable - except Crossbrowse, need help ...". I have already removed quite a bit, but now I am stuck. IE is working again in the meantime. But Defender, for example, cannot be run because it is blocked by group policy. The AVG logo in the systray now only opens an AVG Linkscanner??? Below are only the latest logs (more are available) ... All findings were removed.

Code:
# AdwCleaner v4.201 - Bericht erstellt 10/04/2015 um 15:13:29
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : ACER - ACERPC
# Gestarted von : C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
# Option : Suchlauf

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Google Chrome v
-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [2537 Bytes] - [09/09/2014 20:32:03]
AdwCleaner[R1].txt - [9591 Bytes] - [26/02/2015 22:34:41]
AdwCleaner[R2].txt - [31014 Bytes] - [09/04/2015 18:24:46]
AdwCleaner[R3].txt - [960 Bytes] - [10/04/2015 15:13:29]
AdwCleaner[S0].txt - [2089 Bytes] - [09/09/2014 20:34:07]
AdwCleaner[S1].txt - [8076 Bytes] - [26/02/2015 22:39:27]
AdwCleaner[S2].txt - [27974 Bytes] - [09/04/2015 18:28:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1196 Bytes] ##########
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by ACER at 2015-04-10 14:39:29 Run:1
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\ProgramData\DoReMe\DoReMe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58242;https=127.0.0.1:58242
Toolbar: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (mmgagnmbebdebebbcleklifnobamjonh) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2015-03-23]
R4 DoReMe; C:\ProgramData\DoReMe\DoReMe.exe [379392 2015-03-16] () [File not signed]
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
2015-04-09 17:54 - 2015-04-09 17:54 - 00000320 _____ () C:\Windows\Tasks\Tempo Runner bzdap.job
2015-03-23 00:09 - 2015-03-23 00:09 - 00768512 _____ (Reimage®) C:\Users\ACER\Downloads\ReimageRepair.exe
2015-03-21 19:38 - 2015-03-21 19:38 - 00000000 ____D () C:\417420b1675e8f19fbce
2015-03-19 22:53 - 2015-04-09 18:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD3C0.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD3A1.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD343.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD305.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD2C6.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD2B7.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD298.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD278.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD249.tmp
2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 _____ () C:\LILD22A.tmp
2015-03-17 00:28 - 2015-03-17 00:28 - 00000000 ____D () C:\ProgramData\LolyKey
2015-03-17 00:27 - 2015-03-17 00:27 - 00000000 ____D () C:\ProgramData\DoReMe
2015-03-17 00:27 - 2015-03-17 00:27 - 00000000 ____D () C:\ProgramData\2f11c29c62a04257b4ccbbad72eaeddd
2015-03-22 19:38 - 2015-03-22 19:38 - 0000042 _____ () C:\Users\ACER\AppData\Roaming\WB.CFG
*****************

C:\ProgramData\DoReMe\DoReMe.exe => No running process found
[1976] C:\Windows\System32\mfevtps.exe => Process closed successfully.
[2080] C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe => Process closed successfully.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977 => Value not found.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => Value not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com not found.
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh => Moved successfully.
DoReMe => Service deleted successfully.
mfefire => Service deleted successfully.
mfevtp => Unable to stop service
mfevtp => Service deleted successfully.
cfwids => Service deleted successfully.
mfeapfk => Service deleted successfully.
mfeavfk => Unable to stop service
mfeavfk => Service deleted successfully.
mfeelamk => Service deleted successfully.
mfefirek => Service deleted successfully.
mfehidk => Unable to stop service
mfehidk => Service deleted successfully.
mfewfpk => Unable to stop service
mfewfpk => Service deleted successfully.
C:\Windows\Tasks\Tempo Runner bzdap.job => Moved successfully.
C:\Users\ACER\Downloads\ReimageRepair.exe => Moved successfully.
C:\417420b1675e8f19fbce => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\LILD3C0.tmp => Moved successfully.
C:\LILD3A1.tmp => Moved successfully.
C:\LILD343.tmp => Moved successfully.
C:\LILD305.tmp => Moved successfully.
C:\LILD2C6.tmp => Moved successfully.
C:\LILD2B7.tmp => Moved successfully.
C:\LILD298.tmp => Moved successfully.
C:\LILD278.tmp => Moved successfully.
C:\LILD249.tmp => Moved successfully.
C:\LILD22A.tmp => Moved successfully.
C:\ProgramData\LolyKey => Moved successfully.
C:\ProgramData\DoReMe => Moved successfully.
C:\ProgramData\2f11c29c62a04257b4ccbbad72eaeddd => Moved successfully.
C:\Users\ACER\AppData\Roaming\WB.CFG => Moved successfully.

The system needed a reboot.

==== End of Fixlog 14:39:52 ====

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by ACER (administrator) on ACERPC on 10-04-2015 14:44:12 Running from C:\Users\ACER\Desktop Loaded Profiles: ACER (Available profiles: ACER) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation) HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) IFEO\b9eg190.exe: [Debugger] TaskList.exe IFEO\bbqleads.exe: [Debugger] TaskList.exe IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe IFEO\bbqquotes.exe: [Debugger] TaskList.exe IFEO\ContentExplorer.exe: [Debugger] TaskList.exe IFEO\donutleads.exe: [Debugger] TaskList.exe IFEO\donutquotes.exe: [Debugger] TaskList.exe IFEO\internetenhancer.exe: [Debugger] TaskList.exe IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe IFEO\pastaleads.exe: [Debugger] TaskList.exe IFEO\pastaquotes.exe: [Debugger] TaskList.exe IFEO\spyhunter.exe: [Debugger] TaskList.exe IFEO\theanswerfinder.exe: [Debugger] TaskList.exe IFEO\wajam.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmailer.1und1.de/;jsessionid=F5A3C1717E85CA067EEE8F0E32334521.TCpfix220a HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-05-23] (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> 
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585 FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D031915-AF725A490EB72436481F&form=CONMHP&conlogo=CT3332018 FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-05-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-285109389-3928928740-2186509083-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) 
FF Extension: suncultsfnet - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net [2015-03-23] FF Extension: 1&1 MailCheck - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\toolbar@1und1.de [2015-02-26] FF Extension: 7C9AE782DB214e4081FBAD8A53A6233A - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A} [2015-03-23] FF Extension: OkayFreedom - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-17] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17] CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17] CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17] CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17] CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17] CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-17] CHR Extension: (Avira Browser Safety) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17] CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17] CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx Opera: ======= StartMenuInternet: (HKU\S-1-5-21-285109389-3928928740-2186509083-1001) OperaMail - "C:\Users\ACER\AppData\Local\Opera Mail\OperaMail.exe" 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed] R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3053312 2014-06-26] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.) 
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) S2 MBAMService; C:\Program Files (x86)\Wartung\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate) R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-02-26] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-10 14:13 - 2015-04-10 14:13 - 00000000 _____ () C:\Users\ACER\Desktop\Neues Textdokument.txt 2015-04-10 12:07 - 2015-04-10 14:40 - 00001143 _____ () C:\Windows\setupact.log 2015-04-10 12:07 - 2015-04-10 12:07 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-10 11:17 - 2015-04-10 14:43 - 00246231 _____ () C:\Windows\WindowsUpdate.log 2015-04-09 20:35 - 2015-04-09 20:35 - 00001454 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-09 19:59 - 2015-04-09 20:00 - 00030849 _____ () C:\Users\ACER\Desktop\Addition.txt 2015-04-09 19:28 - 2015-04-09 19:28 - 00001002 _____ () C:\Users\ACER\Desktop\JRT.txt 2015-04-09 19:26 - 2015-04-09 19:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ACERPC-Windows-8.1-(64-bit).dat 2015-04-09 19:26 - 2015-04-09 19:26 - 00000000 ____D () C:\RegBackup 2015-04-09 19:20 - 2015-04-09 19:20 - 00010195 _____ () C:\Users\ACER\Desktop\mbam2.txt 2015-04-09 18:32 - 2015-04-09 18:32 - 00000713 _____ () C:\Users\ACER\Desktop\AdwCleaner - Verknüpfung.lnk 2015-04-09 18:24 - 2015-04-09 18:21 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe 2015-04-09 18:24 - 2015-04-09 18:20 - 11028616 _____ (SurfRight B.V.) 
C:\Users\ACER\Desktop\HitmanPro_x64.exe 2015-04-09 18:24 - 2015-04-09 18:19 - 00165376 _____ () C:\Users\ACER\Desktop\SystemLook_x64.exe 2015-04-09 18:24 - 2015-04-09 18:14 - 00852607 _____ () C:\Users\ACER\Desktop\SecurityCheck.exe 2015-04-09 18:24 - 2015-04-09 18:10 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe 2015-04-09 17:35 - 2015-04-09 17:37 - 00041142 _____ () C:\Users\ACER\Desktop\Addition1 (1).txt 2015-04-09 17:33 - 2015-04-10 14:44 - 00019139 _____ () C:\Users\ACER\Desktop\FRST.txt 2015-04-09 17:33 - 2015-04-10 14:44 - 00000000 ____D () C:\FRST 2015-04-09 17:33 - 2015-04-09 17:37 - 00068714 _____ () C:\Users\ACER\Desktop\Addition1 (2).txt 2015-04-09 17:32 - 2015-04-09 17:33 - 02095616 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe 2015-04-09 17:21 - 2015-04-09 17:21 - 00447066 _____ () C:\Users\ACER\Desktop\mbam1.txt 2015-04-09 16:35 - 2015-04-09 16:35 - 00001244 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\Program Files (x86)\Wartung 2015-04-09 16:32 - 2015-04-09 16:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ACER\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-07 19:21 - 2015-04-07 19:21 - 00003758 _____ () C:\Windows\System32\Tasks\RunTool 2015-04-07 19:20 - 2015-04-07 19:20 - 00000000 ____D () C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e 2015-04-07 17:57 - 2015-04-07 17:59 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-07 17:57 - 2015-04-07 17:57 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-03-30 19:17 - 2015-04-09 20:09 - 00000000 ____D () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server_files 2015-03-30 19:17 - 2015-03-30 19:17 - 00026068 _____ () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server.html 
2015-03-26 00:50 - 2015-03-26 00:51 - 00243648 _____ () C:\Users\ACER\Downloads\Firefox Setup Stub 36.0.4.exe 2015-03-25 23:55 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 00:59 - 2015-03-25 00:59 - 00001284 _____ () C:\Users\ACER\Desktop\Revo Uninstaller.lnk 2015-03-25 00:58 - 2015-03-25 00:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ACER\Downloads\revosetup95.exe 2015-03-25 00:43 - 2015-03-25 00:44 - 40909304 _____ () C:\Users\ACER\Downloads\Firefox_Setup_36.0.4.exe 2015-03-22 20:03 - 2015-03-22 23:45 - 00000000 ____D () C:\Users\ACER\Documents\DoctorPC 2015-03-19 23:40 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-03-19 23:40 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-03-19 23:37 - 2015-03-19 23:37 - 29419944 _____ (Oracle Corporation) C:\Users\ACER\Downloads\jre-7u60-windows.exe 2015-03-19 16:05 - 2015-03-19 16:05 - 00289248 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgwfpa.sys 2015-03-18 23:50 - 2015-03-18 23:50 - 01055936 _____ (Adobe) C:\Users\ACER\Downloads\install_flashplayer17x32_mssa_aaa_aih(1).exe 2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 ____D () C:\49ccf6f8-46c9-4f2f-b88e-36981013ca66 2015-03-17 13:30 - 2015-03-17 14:19 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos 2015-03-17 13:30 - 2015-03-17 13:43 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos VPN 2015-03-17 13:21 - 2015-03-17 13:21 - 00003144 _____ () C:\Windows\System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB} 2015-03-17 00:46 - 2015-03-17 00:46 - 00613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp 2015-03-17 00:45 - 2015-04-09 19:23 - 00000000 ____D () C:\ProgramData\USNmLER 2015-03-17 00:26 - 2015-03-17 00:26 - 00000000 ____D () C:\Users\ACER\Documents\StreamTransport 2015-03-17 00:08 - 2015-03-17 00:08 - 00001038 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2015-03-17 00:08 - 2015-03-17 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2015-03-17 00:07 - 2015-03-17 00:08 - 00000000 ____D () C:\Program Files\Tracker Software 2015-03-15 20:14 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-03-15 20:14 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2015-03-15 20:14 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-15 20:14 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-15 20:14 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-03-15 20:14 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00114496 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-15 20:14 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2015-03-15 20:14 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-03-15 20:14 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-03-15 20:14 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2015-03-15 20:14 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-15 20:14 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-03-15 20:14 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys 2015-03-15 20:14 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys 2015-03-15 20:14 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2015-03-15 20:14 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2015-03-15 20:14 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-15 20:14 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2015-03-15 20:14 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2015-03-15 20:14 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-03-15 20:14 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-15 20:14 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll 2015-03-15 20:14 - 2015-01-30 03:24 - 
00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-03-15 20:14 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-03-15 20:14 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-03-15 20:14 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-15 20:14 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-03-15 20:14 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll 2015-03-15 20:14 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll 2015-03-15 20:14 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-15 20:14 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-03-15 20:14 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-03-15 20:14 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-15 20:14 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-03-15 20:14 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-15 20:14 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-03-15 20:14 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-03-15 20:14 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll 2015-03-15 20:14 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll 2015-03-15 20:14 - 2015-01-27 05:44 - 00933888 _____ (Microsoft 
Corporation) C:\Windows\system32\calc.exe 2015-03-15 20:14 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe 2015-03-15 20:14 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-15 20:14 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-15 20:14 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-03-15 20:13 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-03-15 20:13 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2015-03-15 19:53 - 2015-03-15 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Eigenständige Version von Link Scanner 2015-03-11 18:30 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 18:30 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 18:30 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 18:30 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 18:30 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 18:30 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 18:30 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 18:30 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 18:30 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 18:30 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-03-11 18:30 - 2015-01-28 17:41 - 01498360 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-03-11 18:30 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 18:30 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 18:29 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 18:29 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 18:29 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 18:29 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-03-11 18:29 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 18:29 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 18:29 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 18:29 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 18:29 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 18:29 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 18:29 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 18:29 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 18:29 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 18:29 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 18:29 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-03-11 18:29 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 18:29 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 18:29 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 18:29 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-11 18:29 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-03-11 18:29 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-03-11 18:29 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 18:29 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 18:29 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 18:29 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 18:29 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 18:29 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-03-11 18:29 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-03-11 18:29 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 18:29 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-03-11 18:29 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 18:29 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 18:29 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 18:29 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dll 2015-03-11 18:29 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 18:29 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 18:29 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 18:29 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 18:29 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 18:29 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 18:29 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 18:29 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 18:29 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 18:29 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 18:29 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-10 14:42 - 2014-08-14 19:23 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Skype 2015-04-10 14:41 - 2014-11-19 12:34 - 00000000 __RDO () C:\Users\ACER\OneDrive 2015-04-10 14:41 - 2014-07-26 19:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-10 14:40 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-10 14:34 - 2014-11-25 22:59 - 00215040 ___SH () C:\Users\ACER\Downloads\Thumbs.db 2015-04-10 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-10 12:49 - 2013-12-19 19:56 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2015-04-10 12:49 - 2013-12-19 19:56 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2015-04-10 12:49 - 2013-09-06 09:08 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-10 12:40 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-04-10 11:36 - 2014-02-15 21:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{24C2E650-C124-4299-A085-B8D56F0EF902} 2015-04-10 11:23 - 2014-09-24 13:02 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-09 21:57 - 2013-12-19 11:25 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-04-09 21:56 - 2014-05-20 23:17 - 00205312 ___SH () C:\Users\ACER\Desktop\Thumbs.db 2015-04-09 21:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-09 21:24 - 2014-04-15 19:52 - 00000000 ____D () C:\Users\ACER\AppData\Local\CrashDumps 2015-04-09 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2015-04-09 20:30 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-09 18:34 - 2014-08-14 13:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-09 18:29 - 2014-09-09 20:31 - 00000000 ____D () C:\AdwCleaner 2015-04-09 18:28 - 2014-02-15 04:01 - 00000000 ____D () C:\Users\ACER 2015-04-09 17:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-05 22:27 - 2014-09-24 13:08 
- 00001001 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2015-03-26 23:08 - 2014-12-13 01:03 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 23:08 - 2014-07-10 22:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-26 18:31 - 2015-03-06 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-26 00:00 - 2014-05-02 22:32 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\vlc 2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\servicing 2015-03-21 19:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration 2015-03-21 19:22 - 2014-05-02 23:19 - 00000000 ____D () C:\Users\ACER\AppData\Local\Google 2015-03-20 01:01 - 2014-07-10 21:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Adobe 2015-03-18 23:53 - 2013-09-06 09:16 - 00000000 ____D () C:\ProgramData\McAfee 2015-03-18 01:26 - 2014-05-13 18:09 - 00000000 ____D () C:\Program Files\Recuva 2015-03-17 06:15 - 2014-08-14 13:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 06:15 - 2014-08-14 13:33 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 06:15 - 2014-08-14 13:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-17 00:54 - 2014-05-02 23:19 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-16 22:54 - 2013-08-22 16:44 - 00365096 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-15 23:27 - 2014-04-05 17:04 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-15 23:22 - 2014-04-05 17:04 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-08-06 16:51 - 2014-08-12 11:40 - 0016958 _____ () C:\Users\ACER\AppData\Local\gem.ico 2014-08-06 16:51 - 2014-08-12 11:40 - 0127112 _____ () C:\Users\ACER\AppData\Local\mybet.ico 2014-08-12 13:34 - 2014-08-12 13:34 - 0575544 _____ (ClickMeIn Limited) C:\Users\ACER\AppData\Local\nsgAB37.tmp 2015-03-17 00:46 - 2015-03-17 00:46 - 0613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp 2014-08-10 23:02 - 2014-08-10 23:02 - 0000932 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel 2014-04-05 16:34 - 2014-04-05 16:34 - 0000017 _____ () C:\Users\ACER\AppData\Local\resmon.resmoncfg 2013-12-19 11:30 - 2013-12-19 11:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\ACER\AppData\Local\Temp\playerfile.exe C:\Users\ACER\AppData\Local\Temp\Quarantine.exe C:\Users\ACER\AppData\Local\Temp\sqlite3.dll C:\Users\ACER\AppData\Local\Temp\sysad.exe C:\Users\ACER\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\ACER\AppData\Local\Temp\System.Data.SQLitefebd4d65-44d5-43c3-99cd-f86769a9229e.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-09 17:41

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by ACER at 2015-04-10 14:45:53
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
AMD Catalyst Install Manager (HKLM\...\{4465D909-4FA8-86D2-121C-676BB60E63D7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

22-03-2015 19:49:29 LavasoftWeCompanion
26-03-2015 23:05:06 Windows Update
07-04-2015 17:55:26 Windows Modules Installer
09-04-2015 20:29:37 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E0A6BB6-7981-45CC-99D3-AEBB5D8A1989} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {1FE1F153-7E78-4A28-B2A5-B8CA66D682AD} - System32\Tasks\{842D99C5-0D6E-48C7-83F2-B720256ADA68} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
Task: {245AF862-9C26-4B71-BB65-94A50076E3CE} - System32\Tasks\{1ED86A35-2052-46D9-A721-FB3E769F7F82} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {34D9F19F-CE91-49AA-8674-58171BE3E021} - System32\Tasks\ApplicationCompatibilityauf => C:\Windows\hh64.exe
Task: {539332B6-50AB-4186-9424-B9F14CAB0676} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {546301A8-A38F-4790-8FE8-42EC180792ED} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {566B7660-B965-40DE-AEE5-4E3D72938FA1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {5F846995-83DC-41BD-964E-5212158849BA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {66547D75-40C9-45E4-80EB-819DDC3EFB83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7243063F-46DB-4B6F-9F8F-C2B76FBB2143} - System32\Tasks\RunTool => C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e\sysad.exe [2015-04-07] ()
Task: {813FEA59-09A6-4910-B7AD-649A244B7768} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {8782D9F2-F096-4E66-ACB1-BBB5E85B0B3B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {88E7F1A6-3270-4367-B5DC-45E11201880E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-15] (Microsoft Corporation)
Task: {97B2FCA8-1A10-4F37-974D-27F0458C3C6E} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe
Task: {99958243-F6DF-44B9-B1D3-9E7746D277F7} - System32\Tasks\ACER NBAgent 15 0 => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe
Task: {9DF5D28C-8F74-4CC1-A387-2DC5D32FD33A} - System32\Tasks\{ECDF465A-384D-497E-A7AE-64738EA892B9} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {A36A8105-6733-490B-9484-67E0FC475D6B} - System32\Tasks\{1CFB0DF4-9366-48BE-9892-3A05990E270D} => pcalua.exe -a "C:\Program Files (x86)\FotoWorksXL2014\unins000.exe"
Task: {A57CCAB0-A3AC-46CE-B006-2972C6656911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {C8058DA3-E360-4493-BCFE-8B0199E8055C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {CA1B2D26-5F6B-4B1C-BD39-CF4124E1E5A8} - System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB} => pcalua.exe -a C:\Users\ACER\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {D351BB32-A757-413A-8958-145F7C599493} - System32\Tasks\{8E512067-F40B-4D10-A757-348220C989E8} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {D3CA65F7-0742-4C68-9447-508938417B63} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E84E0E46-245F-4B45-831C-8D255E559D31} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F83946E6-618D-47B7-9983-7ADF170A6A5B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {FC0BF0FE-C410-40C7-98C4-4FC043D1A27E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-06 15:04 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-12-03 01:16 - 2014-12-03 01:16 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-11-21 19:26 - 2014-06-04 11:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-21 19:26 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ACER\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 3a37b93a => 2
MSCONFIG\Services: bobyzoom => 2
MSCONFIG\Services: bzwdg => 2
MSCONFIG\Services: DoReMe => 2
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: PCSUService => 2
MSCONFIG\Services: rWdwohv => 2
MSCONFIG\Services: SCService => 2
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKLM\...\StartupApproved\Run32: => "fst_de_135"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "eM Client"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "PCSpeedUp"

==================== Accounts: =============================

ACER (S-1-5-21-285109389-3928928740-2186509083-1001 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-285109389-3928928740-2186509083-500 - Administrator - Disabled)
Gast (S-1-5-21-285109389-3928928740-2186509083-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-285109389-3928928740-2186509083-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Dell 3333dn
Description: Dell 3333dn
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2015 00:51:36 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (04/09/2015 08:40:12 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (04/09/2015 08:28:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 12f8
Startzeit: 01d072f2376749d6
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 2b77d53b-dee6-11e4-82bc-3065ec2c4a51
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/09/2015 07:51:49 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (04/09/2015 05:50:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: bzdap.exe, Version: 1.1.0.30, Zeitstempel: 0x550ef690 Name des fehlerhaften Moduls: bobyzoomutil32.dll, Version: 1.1.0.30, Zeitstempel: 0x550ef681 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006708 ID des fehlerhaften Prozesses: 0x1e7c Startzeit der fehlerhaften Anwendung: 0xbzdap.exe0 Pfad der fehlerhaften Anwendung: bzdap.exe1 Pfad des fehlerhaften Moduls: bzdap.exe2 Berichtskennung: bzdap.exe3 Vollständiger Name des fehlerhaften Pakets: bzdap.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: bzdap.exe5 Error: (04/08/2015 03:37:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: bzagnt.exe, Version: 1.1.0.30, Zeitstempel: 0x550ef681 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004264d ID des fehlerhaften Prozesses: 0x71c Startzeit der fehlerhaften Anwendung: 0xbzagnt.exe0 Pfad der fehlerhaften Anwendung: bzagnt.exe1 Pfad des fehlerhaften Moduls: bzagnt.exe2 Berichtskennung: bzagnt.exe3 Vollständiger Name des fehlerhaften Pakets: bzagnt.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: bzagnt.exe5 Error: (04/07/2015 07:21:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.9600.17415, Zeitstempel: 0x545046f0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb Ausnahmecode: 0xc0000374 Fehleroffset: 0x000e5934 ID des fehlerhaften Prozesses: 0x175c Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0 Pfad der fehlerhaften Anwendung: wmplayer.exe1 Pfad des fehlerhaften Moduls: wmplayer.exe2 Berichtskennung: wmplayer.exe3 Vollständiger Name des fehlerhaften Pakets: wmplayer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wmplayer.exe5 Error: (04/07/2015 
07:19:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm sllauncher.exe, Version 5.1.30514.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e60 Startzeit: 01d07156f371b757 Endzeit: 93 Anwendungspfad: C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe Berichts-ID: 4d7f0550-dd4a-11e4-82b6-3065ec2c4a51 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/07/2015 05:58:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACERPC) Description: Bei der Aktivierung der App „winstore_cw5n1h2txyewy!Windows.Store“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (04/07/2015 05:57:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ACERPC) Description: Die App „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. System errors: ============= Error: (04/10/2015 02:39:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "McAfee Firewall Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/10/2015 00:45:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. 
mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (04/10/2015 00:44:15 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030} Error: (04/10/2015 00:44:14 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (04/10/2015 00:44:08 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (04/10/2015 00:43:52 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (04/10/2015 00:43:52 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (04/10/2015 00:43:52 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (04/10/2015 00:43:46 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (04/10/2015 00:43:40 PM) (Source: DCOM) (EventID: 10005) (User: ACERPC) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office Sessions: ========================= Error: (04/10/2015 00:51:36 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/09/2015 08:40:12 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. 
Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/09/2015 08:28:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2068912f801d072f2376749d64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2b77d53b-dee6-11e4-82bc-3065ec2c4a51microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (04/09/2015 07:51:49 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/09/2015 05:50:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: bzdap.exe1.1.0.30550ef690bobyzoomutil32.dll1.1.0.30550ef681c0000005000067081e7c01d072ce2f312a41C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exeC:\ProgramData\bobyzoom\1.1.0.30\bobyzoomutil32.dll2adb94ba-ded0-11e4-82b6-3065ec2c4a51 Error: (04/08/2015 03:37:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: bzagnt.exe1.1.0.30550ef681ntdll.dll6.3.9600.1766854c846bbc00000050004264d71c01d064ede87a1922C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exeC:\Windows\SYSTEM32\ntdll.dll7615798f-ddf4-11e4-82b6-3065ec2c4a51 Error: (04/07/2015 07:21:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmplayer.exe12.0.9600.17415545046f0ntdll.dll6.3.9600.1766854c846bbc0000374000e5934175c01d0715733affd1fC:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Windows\SYSTEM32\ntdll.dll76809a53-dd4a-11e4-82b6-3065ec2c4a51 Error: (04/07/2015 07:19:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: sllauncher.exe5.1.30514.0e6001d07156f371b75793C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe4d7f0550-dd4a-11e4-82b6-3065ec2c4a51 Error: 
(04/07/2015 05:58:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACERPC) Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142 Error: (04/07/2015 05:57:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ACERPC) Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store CodeIntegrity Errors: =================================== Date: 2015-03-19 22:55:38.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-19 22:55:38.059 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-19 22:55:37.543 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-19 22:55:34.840 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-03-19 22:55:34.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:24:43.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:24:43.059 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:23:10.240 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:23:09.616 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:23:08.897 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. |
10.04.2015, 15:46 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Who created the fixlist??? Please download Farbar Service Scanner.
Please post the contents here.
__________________ |
10.04.2015, 15:58 | #3 |
| Hello Schrauber,
I created the fixlist. Hopefully it wasn't too amateurish!? I thought I could save you some work ... Code:
Farbar Service Scanner Version: 17-01-2015
Ran by ACER (administrator) on 10-04-2015 at 16:51:46
Running from "C:\Users\ACER\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
Edited by Riddle (10.04.2015 at 16:31) |
11.04.2015, 07:21 | #4 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
IFEO\b9eg190.exe: [Debugger] TaskList.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\spyhunter.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL =
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Extension: suncultsfnet - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net [2015-03-23]
FF Extension: OkayFreedom - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-17]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Run the Windows Repair Tool: Repairing Windows - how it's done - Guides
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.04.2015, 08:14 | #5 |
| Good morning, here is the log file: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by ACER at 2015-04-11 09:08:42 Run:2 Running from C:\Users\ACER\Desktop Loaded Profiles: ACER (Available profiles: ACER) Boot Mode: Normal ============================================== Content of fixlist: ***************** IFEO\b9eg190.exe: [Debugger] TaskList.exe IFEO\bbqleads.exe: [Debugger] TaskList.exe IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe IFEO\bbqquotes.exe: [Debugger] TaskList.exe IFEO\ContentExplorer.exe: [Debugger] TaskList.exe IFEO\donutleads.exe: [Debugger] TaskList.exe IFEO\donutquotes.exe: [Debugger] TaskList.exe IFEO\internetenhancer.exe: [Debugger] TaskList.exe IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe IFEO\pastaleads.exe: [Debugger] TaskList.exe IFEO\pastaquotes.exe: [Debugger] TaskList.exe IFEO\spyhunter.exe: [Debugger] TaskList.exe IFEO\theanswerfinder.exe: [Debugger] TaskList.exe IFEO\wajam.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5E8C4DD6-E11D-485A-94C1-9B4760A70C26} URL = 
https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = FF Extension: suncultsfnet - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net [2015-03-23] FF Extension: OkayFreedom - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-17] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found] FF Extension: No Name - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] Emptytemp: ***************** "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\b9eg190.exe" => Key deleted successfully. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spyhunter.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajam.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => Key deleted successfully. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5649E217-8764-48F7-A498-BBC2C0C9D66F}" => Key deleted successfully. HKCR\CLSID\{5649E217-8764-48F7-A498-BBC2C0C9D66F} => Key not found. "HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E8C4DD6-E11D-485A-94C1-9B4760A70C26}" => Key deleted successfully. HKCR\CLSID\{5E8C4DD6-E11D-485A-94C1-9B4760A70C26} => Key not found. "HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\suncult@sf.net not found. C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi not found. 
C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\istart_ffnt@gmail.com not found. C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\searchengine@gmail.com not found. C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\bbz@bobyzoom.com not found. C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com not found. C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => Moved successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully. esgiguard => Service deleted successfully. EmptyTemp: => Removed 291.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 09:09:16 ==== |
11.04.2015, 18:08 | #6 |
/// the machine /// TB-Ausbilder | Did you run the Repair Tool? A fresh FRST log, please. Any problems left?
__________________ |
12.04.2015, 09:02 | #7 |
| I had completely overlooked the instruction about the Repair Tool ... I have now caught up on that in Safe Mode. I'm not sure whether everything ran through without errors, but some of the messages disappeared again so quickly. The first restart was also somewhat unusual. Windows started with a black screen and IE open. Only once I had closed it did Windows show the normal desktop. (I have not done another restart yet.) Windows Defender is running again. I uninstalled the AVG Linkscanner yesterday and ran AVG Remover. A fresh installation of AVG does not work, though. Error 0xC0070652. Supposedly a second installation is running that has to be finished first. Same behavior before and after the Repair Tool. FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by ACER (administrator) on ACERPC on 12-04-2015 09:40:25 Running from C:\Users\ACER\Desktop Loaded Profiles: ACER (Available profiles: ACER) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation) HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:58242;https=127.0.0.1:58242 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmailer.1und1.de/;jsessionid=F5A3C1717E85CA067EEE8F0E32334521.TCpfix220a HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {96CDA478-1897-4269-AD80-9D87EC5DB261} URL = https://duckduckgo.com/?q={searchTerms} SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {96CDA478-1897-4269-AD80-9D87EC5DB261} URL = https://duckduckgo.com/?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-05-23] (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft 
Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585 FF DefaultSearchEngine: DuckDuckGo FF Homepage: https://www.startpage.com FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-05-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-285109389-3928928740-2186509083-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Extension: 1&1 MailCheck - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\toolbar@1und1.de [2015-02-26] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17] CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17] CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17] CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17] CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17] CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-17] CHR Extension: (Avira Browser Safety) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17] CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17] CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17] Opera: ======= StartMenuInternet: (HKU\S-1-5-21-285109389-3928928740-2186509083-1001) OperaMail - "C:\Users\ACER\AppData\Local\Opera Mail\OperaMail.exe" ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed] S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3053312 2014-06-26] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) S2 MBAMService; C:\Program Files (x86)\Wartung\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate) R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-02-26] () R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-11 21:40 - 2015-04-11 21:37 - 02701841 _____ () C:\Users\ACER\Desktop\CBS.log 2015-04-11 20:20 - 2015-04-11 20:20 - 00000000 ____D () C:\Users\ACER\Downloads\tweaking.com_windows_repair_aio 2015-04-11 20:16 - 2015-04-11 20:17 - 10661081 _____ () C:\Users\ACER\Downloads\tweaking.com_windows_repair_aio.zip 2015-04-11 12:47 - 2015-04-11 12:48 - 01565744 _____ () C:\Users\ACER\Downloads\AVG_Remover_en.exe 2015-04-11 12:45 - 2015-04-11 12:45 - 00084759 _____ () C:\Users\ACER\Desktop\AVGInstLog.cab 2015-04-11 12:29 - 2015-04-12 09:28 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-11 12:29 - 2015-04-11 12:29 - 00000000 ____D () C:\Users\ACER\AppData\Local\MFAData 2015-04-11 12:29 - 2015-04-11 12:29 - 00000000 ____D () C:\Users\ACER\AppData\Local\Avg2015 2015-04-11 12:25 - 2015-04-12 09:15 - 00098232 _____ () C:\Windows\PFRO.log 2015-04-11 12:23 - 2015-04-11 12:25 - 00471572 _____ () C:\Users\ACER\Desktop\avgremover.log 2015-04-11 12:05 - 2015-04-11 12:18 - 183952072 _____ (AVG Technologies) C:\Users\ACER\Downloads\avg_free_x64_all_2015_ltst_221_5863.exe 2015-04-11 12:03 - 2015-04-11 12:03 - 03691688 _____ () C:\Users\ACER\Downloads\AVG_Remover_2015.zip 2015-04-10 18:46 - 2015-04-12 09:30 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-285109389-3928928740-2186509083-1001 2015-04-10 18:41 - 2015-04-10 18:41 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-10 18:41 - 2015-04-10 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-10 16:51 - 2015-04-10 16:51 - 00002794 _____ () C:\Users\ACER\Desktop\FSS.txt 2015-04-10 16:51 - 2015-04-10 16:49 - 00415232 _____ (Farbar) C:\Users\ACER\Desktop\FSS.exe 2015-04-10 15:56 - 2015-04-10 15:56 - 00006858 _____ () C:\Users\ACER\Desktop\HitmanPro_20150410_1556.log 2015-04-10 15:48 - 2015-04-10 16:04 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-04-10 15:48 - 2015-04-10 15:48 - 00000000 ____D () 
C:\Program Files\HitmanPro 2015-04-10 14:13 - 2015-04-11 11:34 - 00000031 _____ () C:\Users\ACER\Desktop\Neues Textdokument.txt 2015-04-10 12:07 - 2015-04-12 09:19 - 00001839 _____ () C:\Windows\setupact.log 2015-04-10 12:07 - 2015-04-10 12:07 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-10 11:17 - 2015-04-12 09:37 - 00921160 _____ () C:\Windows\WindowsUpdate.log 2015-04-09 20:35 - 2015-04-09 20:35 - 00001454 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-09 19:59 - 2015-04-10 14:46 - 00030440 _____ () C:\Users\ACER\Desktop\Addition.txt 2015-04-09 19:28 - 2015-04-09 19:28 - 00001002 _____ () C:\Users\ACER\Desktop\JRT.txt 2015-04-09 19:26 - 2015-04-09 19:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ACERPC-Windows-8.1-(64-bit).dat 2015-04-09 19:26 - 2015-04-09 19:26 - 00000000 ____D () C:\RegBackup 2015-04-09 19:20 - 2015-04-09 19:20 - 00010195 _____ () C:\Users\ACER\Desktop\mbam2.txt 2015-04-09 18:32 - 2015-04-09 18:32 - 00000713 _____ () C:\Users\ACER\Desktop\AdwCleaner - Verknüpfung.lnk 2015-04-09 18:24 - 2015-04-09 18:21 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe 2015-04-09 18:24 - 2015-04-09 18:20 - 11028616 _____ (SurfRight B.V.) 
C:\Users\ACER\Desktop\HitmanPro_x64.exe 2015-04-09 18:24 - 2015-04-09 18:19 - 00165376 _____ () C:\Users\ACER\Desktop\SystemLook_x64.exe 2015-04-09 18:24 - 2015-04-09 18:14 - 00852607 _____ () C:\Users\ACER\Desktop\SecurityCheck.exe 2015-04-09 18:24 - 2015-04-09 18:10 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe 2015-04-09 17:35 - 2015-04-09 17:37 - 00041142 _____ () C:\Users\ACER\Desktop\Addition1 (1).txt 2015-04-09 17:33 - 2015-04-12 09:40 - 00015637 _____ () C:\Users\ACER\Desktop\FRST.txt 2015-04-09 17:33 - 2015-04-12 09:40 - 00000000 ____D () C:\FRST 2015-04-09 17:33 - 2015-04-09 17:37 - 00068714 _____ () C:\Users\ACER\Desktop\Addition1 (2).txt 2015-04-09 17:32 - 2015-04-09 17:33 - 02095616 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe 2015-04-09 17:21 - 2015-04-09 17:21 - 00447066 _____ () C:\Users\ACER\Desktop\mbam1.txt 2015-04-09 16:35 - 2015-04-09 16:35 - 00001244 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\Program Files (x86)\Wartung 2015-04-09 16:32 - 2015-04-09 16:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ACER\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-07 19:21 - 2015-04-07 19:21 - 00003758 _____ () C:\Windows\System32\Tasks\RunTool 2015-04-07 19:20 - 2015-04-07 19:20 - 00000000 ____D () C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e 2015-04-07 17:57 - 2015-04-07 17:59 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-07 17:57 - 2015-04-07 17:57 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-03-30 19:17 - 2015-04-09 20:09 - 00000000 ____D () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server_files 2015-03-30 19:17 - 2015-03-30 19:17 - 00026068 _____ () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server.html 
2015-03-25 23:55 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 00:59 - 2015-03-25 00:59 - 00001284 _____ () C:\Users\ACER\Desktop\Revo Uninstaller.lnk 2015-03-25 00:58 - 2015-03-25 00:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ACER\Downloads\revosetup95.exe 2015-03-19 23:40 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-03-19 23:40 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 ____D () C:\49ccf6f8-46c9-4f2f-b88e-36981013ca66 2015-03-17 13:30 - 2015-03-17 14:19 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos 2015-03-17 13:30 - 2015-03-17 13:43 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos VPN 2015-03-17 13:21 - 2015-03-17 13:21 - 00003144 _____ () C:\Windows\System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB} 2015-03-17 00:46 - 2015-03-17 00:46 - 00613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp 2015-03-17 00:26 - 2015-03-17 00:26 - 00000000 ____D () C:\Users\ACER\Documents\StreamTransport 2015-03-17 00:08 - 2015-03-17 00:08 - 00001038 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2015-03-17 00:08 - 2015-03-17 00:08 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2015-03-17 00:07 - 2015-03-17 00:08 - 00000000 ____D () C:\Program Files\Tracker Software 2015-03-15 20:14 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-03-15 20:14 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2015-03-15 20:14 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-15 20:14 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-15 20:14 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-03-15 20:14 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-15 20:14 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2015-03-15 20:14 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-03-15 20:14 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-03-15 20:14 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2015-03-15 20:14 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-15 20:14 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-03-15 20:14 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys 2015-03-15 20:14 - 2015-01-30 05:00 - 00167424 
____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys 2015-03-15 20:14 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2015-03-15 20:14 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2015-03-15 20:14 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-15 20:14 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2015-03-15 20:14 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2015-03-15 20:14 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-03-15 20:14 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-15 20:14 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll 2015-03-15 20:14 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-03-15 20:14 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-03-15 20:14 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-03-15 20:14 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-15 20:14 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-03-15 20:14 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll 2015-03-15 20:14 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll 2015-03-15 20:14 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-15 20:14 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-03-15 20:14 - 2015-01-29 
03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-03-15 20:14 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-15 20:14 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-03-15 20:14 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-15 20:14 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-03-15 20:14 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-03-15 20:14 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll 2015-03-15 20:14 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll 2015-03-15 20:14 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe 2015-03-15 20:14 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe 2015-03-15 20:14 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-15 20:14 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-15 20:14 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-03-15 20:13 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-03-15 20:13 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-12 09:41 - 2014-07-26 19:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-12 09:32 - 2014-08-14 19:23 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Skype 2015-04-12 09:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-12 09:26 - 2014-02-15 21:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{24C2E650-C124-4299-A085-B8D56F0EF902} 2015-04-12 09:25 - 2014-11-19 12:34 - 00000000 __RDO () C:\Users\ACER\OneDrive 2015-04-12 09:25 - 2014-05-20 23:17 - 00205312 ___SH () C:\Users\ACER\Desktop\Thumbs.db 2015-04-12 09:24 - 2013-12-19 19:56 - 00660862 _____ () C:\Windows\system32\perfh007.dat 2015-04-12 09:24 - 2013-12-19 19:56 - 00134562 _____ () C:\Windows\system32\perfc007.dat 2015-04-12 09:24 - 2013-09-06 09:08 - 01561384 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-12 09:20 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-12 09:19 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-04-12 09:15 - 2013-08-22 16:44 - 00365096 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-11 22:10 - 2013-08-22 15:25 - 00000160 _____ () C:\Windows\win.ini 2015-04-11 20:25 - 2014-08-14 15:07 - 00000000 ____D () C:\Windows\pss 2015-04-11 13:29 - 2013-12-19 11:25 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-04-11 12:32 - 2014-09-24 13:07 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-04-11 12:22 - 2014-09-09 17:11 - 03681088 _____ (AVG Technologies CZ, s.r.o.) 
C:\Users\ACER\Desktop\avg_remover_stf_x64_2015_5501.exe 2015-04-10 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-10 18:41 - 2015-03-06 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-10 15:15 - 2014-09-09 20:31 - 00000000 ____D () C:\AdwCleaner 2015-04-10 14:34 - 2014-11-25 22:59 - 00215040 ___SH () C:\Users\ACER\Downloads\Thumbs.db 2015-04-09 21:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-09 21:24 - 2014-04-15 19:52 - 00000000 ____D () C:\Users\ACER\AppData\Local\CrashDumps 2015-04-09 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2015-04-09 20:30 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-09 18:34 - 2014-08-14 13:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-09 18:28 - 2014-02-15 04:01 - 00000000 ____D () C:\Users\ACER 2015-03-26 23:08 - 2014-12-13 01:03 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 23:08 - 2014-07-10 22:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-26 00:00 - 2014-05-02 22:32 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\vlc 2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\servicing 2015-03-21 19:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration 2015-03-21 19:22 - 2014-05-02 23:19 - 00000000 ____D () C:\Users\ACER\AppData\Local\Google 2015-03-20 01:01 - 2014-07-10 21:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Adobe 2015-03-18 01:26 - 2014-05-13 18:09 - 00000000 ____D () C:\Program Files\Recuva 2015-03-17 06:15 - 2014-08-14 13:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 06:15 - 2014-08-14 13:33 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 06:15 - 2014-08-14 13:33 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2015-03-17 00:54 - 2014-05-02 23:19 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-15 23:27 - 2014-04-05 17:04 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-15 23:22 - 2014-04-05 17:04 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-08-06 16:51 - 2014-08-12 11:40 - 0016958 _____ () C:\Users\ACER\AppData\Local\gem.ico 2014-08-06 16:51 - 2014-08-12 11:40 - 0127112 _____ () C:\Users\ACER\AppData\Local\mybet.ico 2014-08-12 13:34 - 2014-08-12 13:34 - 0575544 _____ (ClickMeIn Limited) C:\Users\ACER\AppData\Local\nsgAB37.tmp 2015-03-17 00:46 - 2015-03-17 00:46 - 0613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp 2014-08-10 23:02 - 2014-08-10 23:02 - 0000932 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel 2014-04-05 16:34 - 2014-04-05 16:34 - 0000017 _____ () C:\Users\ACER\AppData\Local\resmon.resmoncfg 2013-12-19 11:30 - 2013-12-19 11:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-09 17:41 ==================== End Of Log ============================ --- --- --- |
12.04.2015, 10:21 | #8 |
/// the machine /// TB instructor | Please do another clean restart. Then: open FRST, tick the Addition box and scan, and please post both logs.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
12.04.2015, 10:37 | #9 |
| The restart was OK. FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by ACER (administrator) on ACERPC on 12-04-2015 11:28:08 Running from C:\Users\ACER\Desktop Loaded Profiles: ACER (Available profiles: ACER) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation) HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-285109389-3928928740-2186509083-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:58242;https=127.0.0.1:58242 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmailer.1und1.de/;jsessionid=F5A3C1717E85CA067EEE8F0E32334521.TCpfix220a HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> DefaultScope {96CDA478-1897-4269-AD80-9D87EC5DB261} URL = https://duckduckgo.com/?q={searchTerms} SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {5649E217-8764-48F7-A498-BBC2C0C9D66F} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-285109389-3928928740-2186509083-1001 -> {96CDA478-1897-4269-AD80-9D87EC5DB261} URL = https://duckduckgo.com/?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-05-23] (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-05-23] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft 
Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585 FF DefaultSearchEngine: DuckDuckGo FF Homepage: https://www.startpage.com FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-05-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-05-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-285109389-3928928740-2186509083-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.) FF Extension: 1&1 MailCheck - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\14tvoldw.default-1420498969585\Extensions\toolbar@1und1.de [2015-02-26] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17] CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17] CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17] CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17] CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17] CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-17] CHR Extension: (Avira Browser Safety) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17] CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17] CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17] Opera: ======= StartMenuInternet: (HKU\S-1-5-21-285109389-3928928740-2186509083-1001) OperaMail - "C:\Users\ACER\AppData\Local\Opera Mail\OperaMail.exe" ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed] S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3053312 2014-06-26] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) S2 MBAMService; C:\Program Files (x86)\Wartung\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate) R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-02-26] () R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-11 21:40 - 2015-04-11 21:37 - 02701841 _____ () C:\Users\ACER\Desktop\CBS.log 2015-04-11 20:20 - 2015-04-11 20:20 - 00000000 ____D () C:\Users\ACER\Downloads\tweaking.com_windows_repair_aio 2015-04-11 20:16 - 2015-04-11 20:17 - 10661081 _____ () C:\Users\ACER\Downloads\tweaking.com_windows_repair_aio.zip 2015-04-11 12:47 - 2015-04-11 12:48 - 01565744 _____ () C:\Users\ACER\Downloads\AVG_Remover_en.exe 2015-04-11 12:45 - 2015-04-11 12:45 - 00084759 _____ () C:\Users\ACER\Desktop\AVGInstLog.cab 2015-04-11 12:29 - 2015-04-12 09:28 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-11 12:29 - 2015-04-11 12:29 - 00000000 ____D () C:\Users\ACER\AppData\Local\MFAData 2015-04-11 12:29 - 2015-04-11 12:29 - 00000000 ____D () C:\Users\ACER\AppData\Local\Avg2015 2015-04-11 12:25 - 2015-04-12 09:15 - 00098232 _____ () C:\Windows\PFRO.log 2015-04-11 12:23 - 2015-04-11 12:25 - 00471572 _____ () C:\Users\ACER\Desktop\avgremover.log 2015-04-11 12:05 - 2015-04-11 12:18 - 183952072 _____ (AVG Technologies) C:\Users\ACER\Downloads\avg_free_x64_all_2015_ltst_221_5863.exe 2015-04-11 12:03 - 2015-04-11 12:03 - 03691688 _____ () C:\Users\ACER\Downloads\AVG_Remover_2015.zip 2015-04-10 18:46 - 2015-04-12 10:09 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-285109389-3928928740-2186509083-1001 2015-04-10 18:41 - 2015-04-10 18:41 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-10 18:41 - 2015-04-10 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-10 16:51 - 2015-04-10 16:51 - 00002794 _____ () C:\Users\ACER\Desktop\FSS.txt 2015-04-10 16:51 - 2015-04-10 16:49 - 00415232 _____ (Farbar) C:\Users\ACER\Desktop\FSS.exe 2015-04-10 15:56 - 2015-04-10 15:56 - 00006858 _____ () C:\Users\ACER\Desktop\HitmanPro_20150410_1556.log 2015-04-10 15:48 - 2015-04-10 16:04 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-04-10 15:48 - 2015-04-10 15:48 - 00000000 ____D () 
C:\Program Files\HitmanPro 2015-04-10 14:13 - 2015-04-11 11:34 - 00000031 _____ () C:\Users\ACER\Desktop\Neues Textdokument.txt 2015-04-10 12:07 - 2015-04-12 09:19 - 00001839 _____ () C:\Windows\setupact.log 2015-04-10 12:07 - 2015-04-10 12:07 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-10 11:17 - 2015-04-12 11:26 - 00932531 _____ () C:\Windows\WindowsUpdate.log 2015-04-09 20:35 - 2015-04-09 20:35 - 00001454 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-09 19:59 - 2015-04-10 14:46 - 00030440 _____ () C:\Users\ACER\Desktop\Addition.txt 2015-04-09 19:28 - 2015-04-09 19:28 - 00001002 _____ () C:\Users\ACER\Desktop\JRT.txt 2015-04-09 19:26 - 2015-04-09 19:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ACERPC-Windows-8.1-(64-bit).dat 2015-04-09 19:26 - 2015-04-09 19:26 - 00000000 ____D () C:\RegBackup 2015-04-09 19:20 - 2015-04-09 19:20 - 00010195 _____ () C:\Users\ACER\Desktop\mbam2.txt 2015-04-09 18:32 - 2015-04-09 18:32 - 00000713 _____ () C:\Users\ACER\Desktop\AdwCleaner - Verknüpfung.lnk 2015-04-09 18:24 - 2015-04-09 18:21 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe 2015-04-09 18:24 - 2015-04-09 18:20 - 11028616 _____ (SurfRight B.V.) 
C:\Users\ACER\Desktop\HitmanPro_x64.exe 2015-04-09 18:24 - 2015-04-09 18:19 - 00165376 _____ () C:\Users\ACER\Desktop\SystemLook_x64.exe 2015-04-09 18:24 - 2015-04-09 18:14 - 00852607 _____ () C:\Users\ACER\Desktop\SecurityCheck.exe 2015-04-09 18:24 - 2015-04-09 18:10 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe 2015-04-09 17:35 - 2015-04-09 17:37 - 00041142 _____ () C:\Users\ACER\Desktop\Addition1 (1).txt 2015-04-09 17:33 - 2015-04-12 11:28 - 00015522 _____ () C:\Users\ACER\Desktop\FRST.txt 2015-04-09 17:33 - 2015-04-12 11:28 - 00000000 ____D () C:\FRST 2015-04-09 17:33 - 2015-04-09 17:37 - 00068714 _____ () C:\Users\ACER\Desktop\Addition1 (2).txt 2015-04-09 17:32 - 2015-04-09 17:33 - 02095616 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe 2015-04-09 17:21 - 2015-04-09 17:21 - 00447066 _____ () C:\Users\ACER\Desktop\mbam1.txt 2015-04-09 16:35 - 2015-04-09 16:35 - 00001244 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\Program Files (x86)\Wartung 2015-04-09 16:32 - 2015-04-09 16:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ACER\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-07 19:21 - 2015-04-07 19:21 - 00003758 _____ () C:\Windows\System32\Tasks\RunTool 2015-04-07 19:20 - 2015-04-07 19:20 - 00000000 ____D () C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e 2015-04-07 17:57 - 2015-04-07 17:59 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-07 17:57 - 2015-04-07 17:57 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-03-30 19:17 - 2015-04-09 20:09 - 00000000 ____D () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server_files 2015-03-30 19:17 - 2015-03-30 19:17 - 00026068 _____ () C:\Users\ACER\Downloads\1&1 Internet AG - DSL, Hosting, Mobile Internet, Domain, Server.html 
2015-03-25 23:55 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 23:55 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 00:59 - 2015-03-25 00:59 - 00001284 _____ () C:\Users\ACER\Desktop\Revo Uninstaller.lnk 2015-03-25 00:58 - 2015-03-25 00:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ACER\Downloads\revosetup95.exe 2015-03-19 23:40 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-03-19 23:40 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-03-18 23:25 - 2015-03-18 23:25 - 00000000 ____D () C:\49ccf6f8-46c9-4f2f-b88e-36981013ca66 2015-03-17 13:30 - 2015-03-17 14:19 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos 2015-03-17 13:30 - 2015-03-17 13:43 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Steganos VPN 2015-03-17 13:21 - 2015-03-17 13:21 - 00003144 _____ () C:\Windows\System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB} 2015-03-17 00:46 - 2015-03-17 00:46 - 00613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp 2015-03-17 00:26 - 2015-03-17 00:26 - 00000000 ____D () C:\Users\ACER\Documents\StreamTransport 2015-03-17 00:08 - 2015-03-17 00:08 - 00001038 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2015-03-17 00:08 - 2015-03-17 00:08 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2015-03-17 00:07 - 2015-03-17 00:08 - 00000000 ____D () C:\Program Files\Tracker Software 2015-03-15 20:14 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-03-15 20:14 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2015-03-15 20:14 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-15 20:14 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-15 20:14 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-03-15 20:14 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-03-15 20:14 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-15 20:14 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2015-03-15 20:14 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-03-15 20:14 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-03-15 20:14 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2015-03-15 20:14 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-15 20:14 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-03-15 20:14 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys 2015-03-15 20:14 - 2015-01-30 05:00 - 00167424 
____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys 2015-03-15 20:14 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2015-03-15 20:14 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2015-03-15 20:14 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-15 20:14 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2015-03-15 20:14 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2015-03-15 20:14 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-03-15 20:14 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-15 20:14 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll 2015-03-15 20:14 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-03-15 20:14 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-03-15 20:14 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-03-15 20:14 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-15 20:14 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-03-15 20:14 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll 2015-03-15 20:14 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll 2015-03-15 20:14 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-15 20:14 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-03-15 20:14 - 2015-01-29 
03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-03-15 20:14 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-15 20:14 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-03-15 20:14 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-15 20:14 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-03-15 20:14 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-03-15 20:14 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll 2015-03-15 20:14 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll 2015-03-15 20:14 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe 2015-03-15 20:14 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe 2015-03-15 20:14 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-15 20:14 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-15 20:14 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-03-15 20:13 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-03-15 20:13 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-12 11:27 - 2014-08-14 19:23 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Skype 2015-04-12 11:26 - 2014-11-19 12:34 - 00000000 __RDO () C:\Users\ACER\OneDrive 2015-04-12 11:25 - 2013-12-19 11:25 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-04-12 09:41 - 2014-07-26 19:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-12 09:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-12 09:26 - 2014-02-15 21:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{24C2E650-C124-4299-A085-B8D56F0EF902} 2015-04-12 09:25 - 2014-05-20 23:17 - 00205312 ___SH () C:\Users\ACER\Desktop\Thumbs.db 2015-04-12 09:24 - 2013-12-19 19:56 - 00660862 _____ () C:\Windows\system32\perfh007.dat 2015-04-12 09:24 - 2013-12-19 19:56 - 00134562 _____ () C:\Windows\system32\perfc007.dat 2015-04-12 09:24 - 2013-09-06 09:08 - 01561384 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-12 09:20 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-12 09:19 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-04-12 09:15 - 2013-08-22 16:44 - 00365096 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-11 22:52 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-11 22:10 - 2013-08-22 15:25 - 00000160 _____ () C:\Windows\win.ini 2015-04-11 20:25 - 2014-08-14 15:07 - 00000000 ____D () C:\Windows\pss 2015-04-11 12:32 - 2014-09-24 13:07 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-04-11 12:22 - 2014-09-09 17:11 - 03681088 _____ (AVG Technologies CZ, s.r.o.) 
C:\Users\ACER\Desktop\avg_remover_stf_x64_2015_5501.exe 2015-04-10 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-10 18:41 - 2015-03-06 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-10 15:15 - 2014-09-09 20:31 - 00000000 ____D () C:\AdwCleaner 2015-04-10 14:34 - 2014-11-25 22:59 - 00215040 ___SH () C:\Users\ACER\Downloads\Thumbs.db 2015-04-09 21:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-09 21:24 - 2014-04-15 19:52 - 00000000 ____D () C:\Users\ACER\AppData\Local\CrashDumps 2015-04-09 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2015-04-09 18:34 - 2014-08-14 13:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-09 18:28 - 2014-02-15 04:01 - 00000000 ____D () C:\Users\ACER 2015-03-26 23:08 - 2014-12-13 01:03 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 23:08 - 2014-07-10 22:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-26 00:00 - 2014-05-02 22:32 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\vlc 2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2015-03-21 19:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\servicing 2015-03-21 19:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration 2015-03-21 19:22 - 2014-05-02 23:19 - 00000000 ____D () C:\Users\ACER\AppData\Local\Google 2015-03-20 01:01 - 2014-07-10 21:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Adobe 2015-03-18 01:26 - 2014-05-13 18:09 - 00000000 ____D () C:\Program Files\Recuva 2015-03-17 06:15 - 2014-08-14 13:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 06:15 - 2014-08-14 13:33 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 06:15 - 2014-08-14 13:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-17 00:54 - 2014-05-02 23:19 - 
00000000 ____D () C:\Program Files (x86)\Google 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-16 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-15 23:27 - 2014-04-05 17:04 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-15 23:22 - 2014-04-05 17:04 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-08-06 16:51 - 2014-08-12 11:40 - 0016958 _____ () C:\Users\ACER\AppData\Local\gem.ico 2014-08-06 16:51 - 2014-08-12 11:40 - 0127112 _____ () C:\Users\ACER\AppData\Local\mybet.ico 2014-08-12 13:34 - 2014-08-12 13:34 - 0575544 _____ (ClickMeIn Limited) C:\Users\ACER\AppData\Local\nsgAB37.tmp 2015-03-17 00:46 - 2015-03-17 00:46 - 0613255 _____ (CMI Limited) C:\Users\ACER\AppData\Local\nswC163.tmp 2014-08-10 23:02 - 2014-08-10 23:02 - 0000932 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel 2014-04-05 16:34 - 2014-04-05 16:34 - 0000017 _____ () C:\Users\ACER\AppData\Local\resmon.resmoncfg 2013-12-19 11:30 - 2013-12-19 11:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-09 17:41 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by ACER at 2015-04-12 11:30:11 Running from C:\Users\ACER\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated) Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated) AMD Catalyst Install Manager (HKLM\...\{4465D909-4FA8-86D2-121C-676BB60E63D7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP) ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.) 
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd) Picasa 3 (HKLM-x32\...\Picasa 3) 
(Version: 3.9 - Google, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-285109389-3928928740-2186509083-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ==================== Restore Points ========================= 22-03-2015 19:49:29 LavasoftWeCompanion 26-03-2015 23:05:06 Windows Update 07-04-2015 17:55:26 Windows Modules Installer 09-04-2015 20:29:37 Windows Modules Installer 11-04-2015 12:20:29 Removed AVG 2015 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 15:25 - 2015-04-11 22:10 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E0A6BB6-7981-45CC-99D3-AEBB5D8A1989} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated) Task: {1F4D77D0-56BD-43DE-AE72-78521B487C24} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-15] (Microsoft Corporation) Task: {1FE1F153-7E78-4A28-B2A5-B8CA66D682AD} - System32\Tasks\{842D99C5-0D6E-48C7-83F2-B720256ADA68} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe" Task: {245AF862-9C26-4B71-BB65-94A50076E3CE} - System32\Tasks\{1ED86A35-2052-46D9-A721-FB3E769F7F82} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?source=lightinstaller&page=tsMain Task: {34D9F19F-CE91-49AA-8674-58171BE3E021} - System32\Tasks\ApplicationCompatibilityauf => C:\Windows\hh64.exe Task: {539332B6-50AB-4186-9424-B9F14CAB0676} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {546301A8-A38F-4790-8FE8-42EC180792ED} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] () Task: {566B7660-B965-40DE-AEE5-4E3D72938FA1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate) Task: {5F846995-83DC-41BD-964E-5212158849BA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {66547D75-40C9-45E4-80EB-819DDC3EFB83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {7243063F-46DB-4B6F-9F8F-C2B76FBB2143} - 
System32\Tasks\RunTool => C:\Users\ACER\AppData\Local\febd4d65-44d5-43c3-99cd-f86769a9229e\sysad.exe [2015-04-07] () Task: {813FEA59-09A6-4910-B7AD-649A244B7768} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate) Task: {8782D9F2-F096-4E66-ACB1-BBB5E85B0B3B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {97B2FCA8-1A10-4F37-974D-27F0458C3C6E} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe Task: {99958243-F6DF-44B9-B1D3-9E7746D277F7} - System32\Tasks\ACER NBAgent 15 0 => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe Task: {9DF5D28C-8F74-4CC1-A387-2DC5D32FD33A} - System32\Tasks\{ECDF465A-384D-497E-A7AE-64738EA892B9} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1 Task: {A36A8105-6733-490B-9484-67E0FC475D6B} - System32\Tasks\{1CFB0DF4-9366-48BE-9892-3A05990E270D} => pcalua.exe -a "C:\Program Files (x86)\FotoWorksXL2014\unins000.exe" Task: {A57CCAB0-A3AC-46CE-B006-2972C6656911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.) Task: {C8058DA3-E360-4493-BCFE-8B0199E8055C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.) 
Task: {CA1B2D26-5F6B-4B1C-BD39-CF4124E1E5A8} - System32\Tasks\{D5B9B7D5-8BC2-45BD-A89D-16B2BF06CECB} => pcalua.exe -a C:\Users\ACER\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi Task: {D351BB32-A757-413A-8958-145F7C599493} - System32\Tasks\{8E512067-F40B-4D10-A757-348220C989E8} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?source=lightinstaller&page=tsMain Task: {D3CA65F7-0742-4C68-9447-508938417B63} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {E84E0E46-245F-4B45-831C-8D255E559D31} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {F83946E6-618D-47B7-9983-7ADF170A6A5B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated) Task: {FC0BF0FE-C410-40C7-98C4-4FC043D1A27E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-04-06 15:04 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2014-12-03 01:16 - 2014-12-03 01:16 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-11-21 19:26 - 2014-06-04 11:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2014-11-21 19:26 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 
==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\ACER\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-285109389-3928928740-2186509083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: 3a37b93a => 2 MSCONFIG\Services: bobyzoom => 2 MSCONFIG\Services: bzwdg => 2 MSCONFIG\Services: DoReMe => 2 MSCONFIG\Services: Gambali => 2 MSCONFIG\Services: globalUpdate => 2 MSCONFIG\Services: globalUpdatem => 3 MSCONFIG\Services: IHProtect Service => 2 MSCONFIG\Services: PCSUService => 2 MSCONFIG\Services: rWdwohv => 2 MSCONFIG\Services: SCService => 2 HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "BlockAndSurf" HKLM\...\StartupApproved\Run32: => "fst_de_135" HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk" HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "eM Client" HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977" HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "Optimizer Pro" HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "PCSpeedUp" ==================== 
Accounts: ============================= ACER (S-1-5-21-285109389-3928928740-2186509083-1001 - Administrator - Enabled) => C:\Users\ACER Administrator (S-1-5-21-285109389-3928928740-2186509083-500 - Administrator - Disabled) Gast (S-1-5-21-285109389-3928928740-2186509083-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-285109389-3928928740-2186509083-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Dell 3333dn Description: Dell 3333dn Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Dell Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/12/2015 09:34:44 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (04/12/2015 09:26:24 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (04/12/2015 09:20:09 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. 
Error: (04/12/2015 09:20:08 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (04/12/2015 09:20:06 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst ".NET CLR Data" () konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst ".NET CLR Networking" () konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst ".NET Data Provider for Oracle" () konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst ".NET Data Provider for SqlServer" () konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst ".NETFramework" () konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. System errors: ============= Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: 
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/12/2015 11:26:35 AM) (Source: DCOM) (EventID: 10016) (User: ACERPC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ACERPCACERS-1-5-21-285109389-3928928740-2186509083-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (04/12/2015 09:34:44 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. 
Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/12/2015 09:26:24 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/12/2015 09:20:09 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0 Error: (04/12/2015 09:20:08 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Error: (04/12/2015 09:20:06 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: .NET CLR Data29F0F Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: .NET CLR Networking29F0F Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: .NET Data Provider for Oracle29F0F Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: .NET Data Provider for SqlServer29F0F Error: (04/11/2015 10:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: ACERPC) Description: .NETFramework29F0F CodeIntegrity Errors: =================================== Date: 2015-04-10 19:02:28.867 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-03-19 22:55:38.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-19 22:55:38.059 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-19 22:55:37.543 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-19 22:55:34.840 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-19 22:55:34.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:24:43.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-03-17 15:24:43.059 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:23:10.240 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 15:23:09.616 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics Percentage of memory in use: 33% Total physical RAM: 3525.01 MB Available physical RAM: 2341.55 MB Total Pagefile: 7365.01 MB Available Pagefile: 5852.05 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:914.56 GB) (Free:753.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 281D01AB) Partition: GPT Partition Type. ==================== End Of Log ============================ |
12.04.2015, 17:48 | #10 |
/// the machine /// TB Trainer | Win 8.1: Crossbrowse, masses of ads, blocked by Group Policy You have disabled many services under msconfig; re-enable all of them, then post a fresh FRST log. There is malware among them that has to be removed properly.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
12.04.2015, 18:39 | #11 |
| At first I couldn't remember having disabled the services at all. Now I see that I did it with FRST (see post #1, my own Fixlog.txt). How do I get them re-enabled now? There are no entries in Msconfig. Regards, Riddle |
13.04.2015, 09:09 | #12 |
/// the machine /// TB trainer | Code:
ATTFilter
MSCONFIG\Services: 3a37b93a => 2
MSCONFIG\Services: bobyzoom => 2
MSCONFIG\Services: bzwdg => 2
MSCONFIG\Services: DoReMe => 2
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: PCSUService => 2
MSCONFIG\Services: rWdwohv => 2
MSCONFIG\Services: SCService => 2
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKLM\...\StartupApproved\Run32: => "fst_de_135"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "eM Client"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F6515CCC0E7A16819F399CD8FB2F0977"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-285109389-3928928740-2186509083-1001\...\StartupApproved\Run: => "PCSpeedUp"
Simply re-enable them in MSCONFIG.
__________________ Regards, schrauber |
13.04.2015, 10:41 | #13 |
| It's clear to me which ones you mean. But they aren't listed in MSconfig. I can only still see corresponding entries in the registry. What can I do now??? |
13.04.2015, 14:39 | #14 |
| Addendum: I mixed up the logs yesterday; the services and the other entries are not in the Fixlog.txt but in the ADWCleaner log (post #1). But be that as it may, could it be that FRST now only finds "leftovers" in the registry? Or am I completely wrong about that??? |
13.04.2015, 19:00 | #15 |
/// the machine /// TB trainer | In that section FRST lists only what is in Msconfig. Please show a screenshot of Msconfig.
__________________ Regards, schrauber |
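The cross-check that posts #12 to #15 circle around, as an added example that is not part of the thread: it parses the MSCONFIG\Services lines quoted in post #12 and compares them with the services AdwCleaner reported as deleted in post #1, so the entries that name an already deleted service are separated from those with no matching deletion. Both lists are copied from the logs on this page; the function names are hypothetical.

```python
import re

# Copied from the FRST excerpt in post #12 of this thread.
FRST_MSCONFIG = r"""
MSCONFIG\Services: 3a37b93a => 2
MSCONFIG\Services: bobyzoom => 2
MSCONFIG\Services: bzwdg => 2
MSCONFIG\Services: DoReMe => 2
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: PCSUService => 2
MSCONFIG\Services: rWdwohv => 2
MSCONFIG\Services: SCService => 2
"""

# Names from the "Dienst Gelöscht" lines of the AdwCleaner log in post #1.
ADWCLEANER_DELETED = [
    "bobyzoom", "cherimoya", "Gambali", "globalUpdate", "globalUpdatem",
    "IHProtect Service", "pcsuservice", "SCService", "tammgF119",
    "tammgR119", "3a37b93a", "qrnfd_1_10_0_9",
]

LINE_RE = re.compile(r"^MSCONFIG\\Services:\s*(?P<name>.+?)\s*=>\s*(?P<value>\d+)$")

def parse_msconfig_services(text):
    """Map each listed service name to the number FRST prints after '=>'."""
    entries = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries[match.group("name")] = int(match.group("value"))
    return entries

def cross_check(entries, deleted):
    """Split entries by whether a same-named service was reported deleted.

    Comparison is case-insensitive: the two tools spell PCSUService differently.
    """
    deleted_ci = {name.casefold() for name in deleted}
    matched = sorted((n for n in entries if n.casefold() in deleted_ci), key=str.casefold)
    unmatched = sorted((n for n in entries if n.casefold() not in deleted_ci), key=str.casefold)
    return matched, unmatched

if __name__ == "__main__":
    matched, unmatched = cross_check(parse_msconfig_services(FRST_MSCONFIG), ADWCLEANER_DELETED)
    print("service already reported deleted:", matched)
    print("no matching deletion in the AdwCleaner log:", unmatched)
```

The second list only says that no same-named deletion appears in the AdwCleaner log; whether those services still exist has to be checked on the machine itself.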