| |
| |||||||
Log-Analyse und Auswertung: Windows 8: Laptop plötzlich deutlich langsamerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
19.03.2014, 22:38
| #1 |
 |  Windows 8: Laptop plötzlich deutlich langsamer Hallo, ich habe seit ein paar Tagen das Problem, dass mein Laptop (Windows 8) zwischendurch immer extrem langsam wird; meist für ca. eine halbe Stunde. Außerdem öffnet sich, wenn ich im Internet (Browser: Google Chrome) bin, folgende Seite: hxxp://wrapper.z5x.net/prepop.html?ad_type=pop&ad_size=0x0§ion=5137008&banned_pop_types=23&prepopped_width=800&prepopped_height=600&pop_times=20&pop_frequency=0&pub_url= immer wieder von alleine. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:11 on 19/03/2014 (Tobias)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tobias (administrator) on TOBIAS on 19-03-2014 18:29:23
Running from C:\Users\Tobias\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
() C:\Program Files (x86)\RightSurf\updateRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
(Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\RightSurf\bin\XTLSApp.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\Run: [AcerCloud] - C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\RunOnce: [Application Restart #1] - C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe [8252744 2013-11-01] (Pokki)
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041ba38-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041bf71-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL =
SearchScopes: HKCU - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: RightSurf - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files (x86)\RightSurf\RightSurfbho.dll (RightSurf)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-05]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]
CHR Extension: (Google-Suche) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-05]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR Extension: (Google Mail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-06] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [737512 2014-03-01] (Microsoft Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 Update RightSurf; C:\Program Files (x86)\RightSurf\updateRightSurf.exe [348960 2014-03-18] ()
R2 Util RightSurf; C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [348960 2014-03-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-03] (Cherished Technololgy LIMITED)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-14] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-19 18:26 - 2014-03-19 18:28 - 00027312 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:20 - 2014-03-19 18:29 - 00016659 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-19 18:18 - 2014-03-19 18:29 - 00000000 ____D () C:\FRST
2014-03-19 18:10 - 2014-03-19 18:11 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:08 - 2014-03-19 18:09 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:08 - 2014-03-19 18:09 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-12 20:26 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 20:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 20:26 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 20:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 20:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 20:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 20:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 20:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 20:26 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-12 20:26 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-12 20:26 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-12 20:26 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-12 20:26 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-12 20:26 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-12 20:26 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-12 20:26 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-12 20:26 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-12 20:26 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-12 20:26 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-12 20:26 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-12 20:26 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-12 20:26 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-12 20:26 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-12 20:26 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-12 20:26 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-12 20:26 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-12 20:26 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-12 20:26 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-12 20:26 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-12 20:25 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 20:25 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-12 20:25 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 20:24 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 20:24 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:24 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-21 15:58 - 2014-03-10 12:28 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-18 10:50 - 2014-02-18 10:51 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:49 - 2014-02-18 10:50 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
2014-02-17 23:30 - 2014-02-17 23:30 - 00000000 ____D () C:\AcerCloud
==================== One Month Modified Files and Folders =======
2014-03-19 18:29 - 2014-03-19 18:20 - 00016659 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-19 18:29 - 2014-03-19 18:18 - 00000000 ____D () C:\FRST
2014-03-19 18:28 - 2014-03-19 18:26 - 00027312 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:26 - 2014-01-06 20:05 - 01224107 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 18:25 - 2013-08-22 14:25 - 00000222 _____ () C:\Windows\win.ini
2014-03-19 18:15 - 2014-02-03 12:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 18:11 - 2014-03-19 18:10 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:10 - 2014-02-03 11:37 - 00000000 ____D () C:\Users\Tobias
2014-03-19 18:09 - 2014-03-19 18:08 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:09 - 2014-03-19 18:08 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-19 17:51 - 2014-02-03 16:49 - 00000117 _____ () C:\Users\Tobias\AppData\Roaming\WB.CFG
2014-03-19 17:51 - 2014-02-03 16:47 - 00000310 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-19 17:49 - 2014-02-03 11:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4856305F-85FF-4896-8E1F-D88A082D12E7}
2014-03-19 17:18 - 2014-02-03 11:46 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1653954418-1097860707-3373369385-1001
2014-03-19 17:14 - 2014-02-03 12:59 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 17:14 - 2014-02-03 12:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 17:13 - 2014-02-03 11:45 - 00000000 __RDO () C:\Users\Tobias\SkyDrive
2014-03-18 20:52 - 2014-01-06 20:19 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-03-18 18:23 - 2014-02-16 13:45 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.minecraft
2014-03-18 12:24 - 2014-02-03 11:37 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Pokki
2014-03-16 19:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-15 18:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-03-15 13:38 - 2014-01-07 04:50 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 13:38 - 2014-01-07 04:50 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 13:38 - 2013-09-06 08:08 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 13:32 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 13:32 - 2013-08-22 15:44 - 00473704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 13:31 - 2014-02-03 16:48 - 00000000 ____D () C:\Program Files (x86)\RightSurf
2014-03-15 13:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-13 19:48 - 2013-08-22 15:46 - 00160485 _____ () C:\Windows\setupact.log
2014-03-10 12:28 - 2014-02-21 15:58 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-03-10 11:34 - 2014-02-04 17:42 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Deployment
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 07:05 - 2014-03-12 20:26 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 20:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 20:26 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 20:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 20:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 20:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 20:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 20:26 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 20:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 20:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 20:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 20:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 20:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 20:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 20:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-19 21:01 - 2014-02-03 11:40 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Packages
2014-02-18 11:09 - 2014-02-03 12:59 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 11:09 - 2014-02-03 12:59 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 10:51 - 2014-02-18 10:50 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:50 - 2014-02-18 10:49 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
2014-02-17 23:31 - 2013-09-06 08:16 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-02-17 23:30 - 2014-02-17 23:30 - 00000000 ____D () C:\AcerCloud
2014-02-17 23:30 - 2014-02-03 11:42 - 00000000 ____D () C:\Users\Tobias\AppData\Local\clear.fi
2014-02-17 23:29 - 2014-02-03 11:40 - 00000000 ___RD () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 23:29 - 2014-02-03 11:40 - 00000000 ___RD () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-02-17 23:24 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-02-17 23:24 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-02-17 23:22 - 2013-09-06 08:48 - 00000000 ___HD () C:\OEM
2014-02-17 19:42 - 2014-02-03 11:49 - 00000000 ____D () C:\ProgramData\clear.fi
2014-02-17 18:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-17 12:06 - 2014-02-09 14:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 12:04 - 2014-02-09 14:46 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\avgnt.exe
C:\Users\Tobias\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tobias\AppData\Local\Temp\octFEF1.tmp.exe
C:\Users\Tobias\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Tobias\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_b46f46a3-4166-4c9d-a30f-21dfb2cfdffe_TX_DB_.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 20:26] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
LastRegBack: 2014-03-15 18:12
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Tobias at 2014-03-19 18:31:18
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2002 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.30925 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0925.645.10236 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{4465D909-4FA8-86D2-121C-676BB60E63D7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C0A03}) (Version: 12.10.3.4488 - APN, LLC)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.3126.57 - CyberLink Corp.) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Nero BackItUp (x32 Version: 12.5.11000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15900 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20900 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKCU\...\Pokki) (Version: 0.266.1.172 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
RightSurf (HKLM\...\RightSurf) (Version: 2014.02.01.021226 - RightSurf) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION
==================== Restore Points =========================
17-02-2014 11:03:00 Windows Update
20-02-2014 20:48:14 Windows Update
05-03-2014 20:27:54 Geplanter Prüfpunkt
14-03-2014 19:21:34 Windows Update
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {01E57081-8F6D-43B5-BAF2-E738ED7DDEBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-19] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1C9BA6CC-56BA-4F04-A09A-3DD412BD5E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {260865A4-6D9A-40BA-B48F-8FDE7CA92F07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-02-17] (Microsoft Corporation)
Task: {292AE016-ACC5-40A4-BBA1-1383DF0D82D0} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {546301A8-A38F-4790-8FE8-42EC180792ED} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {566B7660-B965-40DE-AEE5-4E3D72938FA1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {5D60446D-DE68-4526-9150-D96C852830E8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {5F846995-83DC-41BD-964E-5212158849BA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78B62238-5B3D-4123-B869-12A7A82F3BD1} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {7D3E278D-3252-4857-9E37-8FBA07EA5D4F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CF468D7-3176-4E52-A1B8-656703639396} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-02-13] (Acer Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3C61DEE-C44C-41B5-9459-00781C1EADE6} - \RegClean Pro_DEFAULT No Task File
Task: {ABF7EEFC-BC03-41FF-9492-A5151D79AE3C} - System32\Tasks\Digital Sites => C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {BEE848B2-9F6E-4309-B1C4-D8C558C99A49} - \RegClean Pro No Task File
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0BCFB00-53AB-42AE-9C82-99CE58D2485A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-01] (Microsoft Corporation)
Task: {D3552DC2-4396-4250-AC35-7D9F026D9A18} - \Advanced System Protector_startup No Task File
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F477479A-B34D-41D3-8339-83141A839D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {F959240B-1896-4AB2-9F6A-67030212620E} - \RegClean Pro_UPDATES No Task File
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Tobias\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-04 17:10 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-02-01 04:23 - 2014-03-18 12:25 - 00348960 _____ () C:\Program Files (x86)\RightSurf\updateRightSurf.exe
2014-02-03 17:52 - 2014-03-18 12:26 - 00348960 _____ () C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
2014-03-14 15:54 - 2014-03-14 15:54 - 00287008 _____ () C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe
2013-04-12 15:10 - 2013-04-12 15:10 - 00113152 _____ () C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
2014-03-19 18:25 - 2014-03-19 10:54 - 00078624 _____ () C:\Program Files (x86)\RightSurf\bin\XTLSApp.exe
2013-07-08 22:34 - 2013-07-08 22:34 - 04150312 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2014-02-03 12:31 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-01-06 20:49 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-03-19 18:25 - 2014-03-19 10:54 - 00121632 _____ () C:\Program Files (x86)\RightSurf\bin\xtlsapp.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Tobias\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/19/2014 06:04:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/19/2014 05:12:19 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (03/18/2014 06:48:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/17/2014 01:20:03 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/16/2014 00:19:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/16/2014 11:56:47 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (03/15/2014 03:38:37 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/15/2014 03:30:21 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/15/2014 01:27:57 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (03/15/2014 01:27:44 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU maximum number of session has been surpassed
System errors:
=============
Error: (03/15/2014 01:27:51 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/15/2014 01:27:51 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/15/2014 01:27:51 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/13/2014 09:57:47 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/13/2014 09:57:42 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/13/2014 09:57:42 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/12/2014 10:38:54 PM) (Source: DCOM) (User: TOBIAS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (03/11/2014 02:17:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%1
Error: (03/11/2014 02:17:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/11/2014 02:11:33 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Microsoft Office Sessions:
=========================
Error: (03/19/2014 06:04:07 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/19/2014 05:12:19 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
Error: (03/18/2014 06:48:54 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/17/2014 01:20:03 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/16/2014 00:19:44 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/16/2014 11:56:47 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
Error: (03/15/2014 03:38:37 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/15/2014 03:30:21 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/15/2014 01:27:57 PM) (Source: ATIeRecord)(User: )
Description:
Error: (03/15/2014 01:27:44 PM) (Source: ATIeRecord)(User: )
Description:
==================== Memory info ===========================
Percentage of memory in use: 88%
Total physical RAM: 3525 MB
Available physical RAM: 400.13 MB
Total Pagefile: 10181 MB
Available Pagefile: 3771.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:914.56 GB) (Free:870.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 043C093E)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-19 20:56:51
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\kxldipod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600006ce00 15 bytes [00, FA, 0E, 02, C0, 9C, 70, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600006ce10 11 bytes [00, 00, FC, FF, 80, FA, C0, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffc12c169a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffc12c16a2 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffc12c181a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffc12c1832 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffc12c169a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffc12c16a2 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffc12c181a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffc12c1832 4 bytes [2C, C1, FF, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [824:936] 00007fffbd6e1b40
Thread C:\Windows\system32\svchost.exe [824:132044] 00007fffbf798a60
Thread C:\Windows\System32\svchost.exe [80:1100] 00007fffb9df1360
Thread C:\Windows\System32\svchost.exe [80:1148] 00007fffb950e054
Thread C:\Windows\System32\svchost.exe [80:1160] 00007fffb95bf100
Thread C:\Windows\System32\svchost.exe [80:1220] 00007fffb8e3ec38
Thread C:\Windows\System32\svchost.exe [80:1224] 00007fffb94f4954
Thread C:\Windows\System32\svchost.exe [80:3284] 00007fffbca50b0c
Thread C:\Windows\System32\svchost.exe [80:5748] 00007fffa4a47bb0
Thread C:\Windows\System32\svchost.exe [80:3336] 00007fffa4a44300
Thread C:\Windows\system32\svchost.exe [356:4856] 00007fffb7905340
Thread C:\Windows\system32\svchost.exe [356:217960] 00007fffb14b38e0
Thread C:\Windows\system32\svchost.exe [356:218044] 00007fffae7311b0
Thread C:\Windows\System32\svchost.exe [784:216812] 00007fffbd22ae6c
Thread C:\Windows\System32\spoolsv.exe [1496:6108] 00007fffb6b612f8
Thread C:\Windows\System32\spoolsv.exe [1496:6128] 00007fffb6b43118
Thread C:\Windows\System32\spoolsv.exe [1496:5188] 00007fffb6b43118
Thread C:\Windows\System32\spoolsv.exe [1496:3608] 00007fffb4115b3c
Thread C:\Windows\System32\spoolsv.exe [1496:5300] 00007fffab248140
Thread C:\Windows\system32\svchost.exe [1540:1968] 00007fffb78d2b90
Thread C:\Windows\system32\svchost.exe [1540:3104] 00007fffb78d67bc
Thread C:\Windows\system32\svchost.exe [1540:3324] 00007fffb6012110
Thread C:\Windows\system32\svchost.exe [1540:3368] 00007fffb5081584
Thread C:\Windows\system32\svchost.exe [1540:3396] 00007fffb5011b30
Thread C:\Windows\system32\svchost.exe [1540:4032] 00007fffb9ee4608
Thread C:\Windows\system32\svchost.exe [1540:4004] 00007fffb9ee1040
Thread C:\Windows\system32\svchost.exe [1908:112104] 00007fffb6b612f8
Thread C:\Windows\system32\svchost.exe [1908:17072] 00007fffb6b43118
Thread C:\Windows\system32\wbem\wmiprvse.exe [2476:3924] 00007fffb41bb828
Thread C:\Windows\system32\wbem\wmiprvse.exe [2476:217256] 00007fffb5f67f24
Thread C:\Windows\system32\csrss.exe [215368:215120] fffff960009984d0
Thread C:\Windows\Explorer.EXE [132284:217648] 00007fffbd241e40
Thread C:\Windows\Explorer.EXE [132284:217332] 00007fffbd49d6bc
Thread C:\Windows\Explorer.EXE [132284:216092] 00007fff9d255300
Thread C:\Windows\Explorer.EXE [132284:197140] 00007fff9d44a688
Thread C:\Windows\Explorer.EXE [132284:53968] 00007fff9d44a688
Thread C:\Windows\Explorer.EXE [132284:211156] 00007fff9d44a688
Thread C:\Windows\Explorer.EXE [132284:131312] 00007fff9d44a688
Thread C:\Windows\Explorer.EXE [132284:217656] 00007fffbd49d6bc
Thread C:\Windows\Explorer.EXE [132284:53176] 00007fffbd498c54
Thread C:\Windows\Explorer.EXE [132284:112576] 00007fffbf102764
Thread C:\Windows\Explorer.EXE [132284:111120] 00007fffbc521120
Thread C:\Windows\Explorer.EXE [132284:217940] 00007fffbd49d6bc
Thread C:\Windows\Explorer.EXE [132284:217980] 00007fffa5b6c904
Thread C:\Windows\Explorer.EXE [132284:132008] 00007fffac16a760
Thread C:\Windows\system32\taskhostex.exe [216836:215308] 00007fffbc3722a0
Thread C:\Windows\system32\taskhostex.exe [216836:53104] 00007fffbf2d9e7c
Thread C:\Windows\system32\taskhostex.exe [216836:216852] 00007fffbc352310
Thread C:\Windows\system32\taskhostex.exe [216836:133084] 00007fffbc521120
Thread C:\Windows\system32\taskhostex.exe [216836:217576] 00007fffb53d4b30
Thread C:\Windows\System32\skydrive.exe [217276:217540] 00007fffb9967bb0
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:133104] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:109004] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:216936] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:218024] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:384] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:216472] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:111520] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217720] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:216960] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:568] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:101780] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:197740] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:213640] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217756] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:216736] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217964] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:214388] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:1560] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:218040] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:216504] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:23868] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:168488] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:4688] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217856] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217628] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:216744] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:215148] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:216100] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217344] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:205440] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217220] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:256] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:218092] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:1132] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:131564] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217952] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:3268] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217892] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217460] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:111672] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:217708] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:110648] 00007fffb73a4f9c
Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [217428:23688] 00007fffb73a6274
---- Processes - GMER 2.1 ----
Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1328] (WPM Service/Cherished Technololgy LIMITED)(2 0000000000f70000
Library C:\Users\Tobias\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe [217956] (Chromium/The Chromium Authors)(2013-11-01 05:28:28) 00000000607c0000
Library C:\Users\Tobias\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe [217956] (ICU Data DLL/The ICU Project)(2013-09-07 02:11:12) 000000005fda0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Vielen Dank  |
|
20.03.2014, 07:35
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 8: Laptop plötzlich deutlich langsamer hi,
__________________Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
20.03.2014, 11:58
| #3 |
| | Windows 8: Laptop plötzlich deutlich langsamer Ich habe mit dem Revo Uninstaller alles, was in der Additional.txt mit ATTENTION markiert war deinstalliert, bis auf diese 2, die ich im Uninstaller nicht finden konnte:
__________________Task: {ABF7EEFC-BC03-41FF-9492-A5151D79AE3C} - System32\Tasks\Digital Sites => C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Tobias\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.20.02 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16521 Tobias :: TOBIAS [Administrator] Schutz: Aktiviert 20.03.2014 10:33:43 mbam-log-2014-03-20 (10-33-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218374 Laufzeit: 9 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 4 C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> 6364 -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> 6508 -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe (PUP.Optional.RightSurf.A) -> 6924 -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\XTLSApp.exe (PUP.Optional.RightSurf.A) -> 3600 -> Löschen bei Neustart. Infizierte Speichermodule: 2 C:\Program Files (x86)\RightSurf\bin\XTLS.dll (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\XTLSApp.dll (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 20 HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{a4f32137-598e-41b6-b601-9965084c8f08} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{C64BA349-1F34-4BFC-8D23-A317279D0CB9} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 28 C:\Program Files (x86)\SupTab (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\en-US (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-419 (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-ES (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-BE (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-CA (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-CH (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-FR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-LU (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\it-CH (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\it-IT (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pl (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pt-BR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru-MO (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\tr-TR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\vi-VI (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-CN (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-TW (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\plugins (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\TEMP (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 78 C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\RightSurfBHO.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Local\Temp\fullpackage_temp1391442450\package1.zip (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Local\Temp\fullpackage_temp1391442450\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Local\Temp\fullpackage_temp1391442450\tmp\SupTab.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Local\Temp\fullpackage_temp1391442450\tmp\wpm.exe (PUP.Optional.WpManager) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Local\Temp\is357113909\14748560_stp\rcpsetup_adppi14_adppi14.exe (PUP.Optional.RegCleanPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Local\Temp\is357113909\14748708_stp\RightSurfSetup.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\install.data (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\BHOEnabler.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\uninstall.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\indexIE.html (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\indexIE8.html (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\skin.css (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\style.css (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\ver.txt (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\default_logo.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\google.com.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\icon128.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\icon16.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\icon48.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\loading.gif (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\background.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\ga.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\jquery-base.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\js.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\json2.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\xa.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\xagainit.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\info.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\RightSurf.ico (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\7za.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\RightSurf.BrowserFilter.Helper.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\RightSurfBrowserFilter.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\RightSurfUninstall.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\updateRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\7za.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\BrowserAdapterS.7z (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll.old.e94a02a3-a747-46ae-bf24-0a01924a3a47 (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\RightSurfBrowserFilter.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\utilRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\XTLS.dll (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\XTLSApp.dll (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\XTLSApp.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.BrowserAdapterS.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.BrowserFilterG.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.FFUpdate.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.IEUpdate.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.PurBrowseG.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 20/03/2014 um 11:16:23
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Tobias - TOBIAS
# Gestartet von : C:\Users\Tobias\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Tobias\AppData\Local\Pokki
Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\DigitalSites
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8414 octets] - [03/02/2014 17:02:44]
AdwCleaner[R1].txt - [8474 octets] - [03/02/2014 17:06:27]
AdwCleaner[R2].txt - [4822 octets] - [03/02/2014 17:22:53]
AdwCleaner[R3].txt - [4882 octets] - [04/02/2014 07:11:30]
AdwCleaner[R4].txt - [2119 octets] - [20/03/2014 11:14:49]
AdwCleaner[S0].txt - [6683 octets] - [03/02/2014 17:08:31]
AdwCleaner[S1].txt - [4116 octets] - [04/02/2014 07:15:12]
AdwCleaner[S2].txt - [1936 octets] - [20/03/2014 11:16:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1996 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Tobias on 20.03.2014 at 11:33:57,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\apntbmon
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\apn"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.03.2014 at 11:44:42,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tobias (administrator) on TOBIAS on 20-03-2014 11:53:12
Running from C:\Users\Tobias\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\sdd.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\Run: [AcerCloud] - C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\RunOnce: [Application Restart #1] - C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Tobias\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041ba38-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041bf71-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-05]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]
CHR Extension: (Google-Suche) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-05]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR Extension: (Google Mail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-06] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-14] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-20 11:44 - 2014-03-20 11:44 - 00000902 _____ () C:\Users\Tobias\Desktop\JRT.txt
2014-03-20 11:33 - 2014-03-20 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-03-20 11:26 - 2014-03-20 11:26 - 01037734 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2014-03-20 11:16 - 2014-03-20 11:17 - 00002080 _____ () C:\Users\Tobias\Desktop\AdwCleaner[S2].txt
2014-03-20 11:14 - 2014-03-20 11:14 - 01950720 _____ () C:\Users\Tobias\Desktop\adwcleaner.exe
2014-03-20 10:31 - 2014-03-20 10:31 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 10:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-20 09:53 - 2014-03-20 09:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobias\Downloads\revosetup95.exe
2014-03-20 09:53 - 2014-03-20 09:53 - 00001288 _____ () C:\Users\Tobias\Desktop\Revo Uninstaller.lnk
2014-03-20 09:53 - 2014-03-20 09:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 20:56 - 2014-03-19 20:56 - 00024753 _____ () C:\Users\Tobias\Desktop\Gmer.txt
2014-03-19 18:26 - 2014-03-19 18:32 - 00027101 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:20 - 2014-03-20 11:53 - 00016944 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-19 18:18 - 2014-03-20 11:53 - 00000000 ____D () C:\FRST
2014-03-19 18:10 - 2014-03-19 18:11 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:08 - 2014-03-19 18:09 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:08 - 2014-03-19 18:09 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-12 20:26 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 20:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 20:26 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 20:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 20:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 20:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 20:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 20:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 20:26 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-12 20:26 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-12 20:26 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-12 20:26 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-12 20:26 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-12 20:26 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-12 20:26 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-12 20:26 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-12 20:26 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-12 20:26 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-12 20:26 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-12 20:26 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-12 20:26 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-12 20:26 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-12 20:26 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-12 20:26 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-12 20:26 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-12 20:26 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-12 20:26 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-12 20:26 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-12 20:26 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-12 20:25 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 20:25 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-12 20:25 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 20:24 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 20:24 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:24 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-21 15:58 - 2014-03-10 12:28 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-18 10:50 - 2014-02-18 10:51 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:49 - 2014-02-18 10:50 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
==================== One Month Modified Files and Folders =======
2014-03-20 11:53 - 2014-03-19 18:20 - 00016944 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-20 11:53 - 2014-03-19 18:18 - 00000000 ____D () C:\FRST
2014-03-20 11:52 - 2014-02-03 11:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4856305F-85FF-4896-8E1F-D88A082D12E7}
2014-03-20 11:44 - 2014-03-20 11:44 - 00000902 _____ () C:\Users\Tobias\Desktop\JRT.txt
2014-03-20 11:41 - 2014-02-03 11:46 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1653954418-1097860707-3373369385-1001
2014-03-20 11:33 - 2014-03-20 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-03-20 11:32 - 2014-01-06 20:05 - 01334813 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 11:26 - 2014-03-20 11:26 - 01037734 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2014-03-20 11:25 - 2014-02-04 17:42 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Deployment
2014-03-20 11:25 - 2014-02-03 17:02 - 00000000 ____D () C:\AdwCleaner
2014-03-20 11:22 - 2014-02-03 12:59 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-20 11:20 - 2014-02-03 11:45 - 00000000 __RDO () C:\Users\Tobias\SkyDrive
2014-03-20 11:19 - 2014-02-03 12:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 11:18 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 11:17 - 2014-03-20 11:16 - 00002080 _____ () C:\Users\Tobias\Desktop\AdwCleaner[S2].txt
2014-03-20 11:14 - 2014-03-20 11:14 - 01950720 _____ () C:\Users\Tobias\Desktop\adwcleaner.exe
2014-03-20 11:14 - 2014-02-03 12:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-20 10:54 - 2013-09-06 07:58 - 00036132 _____ () C:\Windows\PFRO.log
2014-03-20 10:54 - 2013-08-22 14:25 - 00000222 _____ () C:\Windows\win.ini
2014-03-20 10:31 - 2014-03-20 10:31 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 10:21 - 2014-02-03 16:49 - 00000111 _____ () C:\Users\Tobias\AppData\Roaming\WB.CFG
2014-03-20 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-20 09:53 - 2014-03-20 09:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobias\Downloads\revosetup95.exe
2014-03-20 09:53 - 2014-03-20 09:53 - 00001288 _____ () C:\Users\Tobias\Desktop\Revo Uninstaller.lnk
2014-03-20 09:53 - 2014-03-20 09:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 20:56 - 2014-03-19 20:56 - 00024753 _____ () C:\Users\Tobias\Desktop\Gmer.txt
2014-03-19 18:32 - 2014-03-19 18:26 - 00027101 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:30 - 2014-02-04 17:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-19 18:11 - 2014-03-19 18:10 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:10 - 2014-02-03 11:37 - 00000000 ____D () C:\Users\Tobias
2014-03-19 18:09 - 2014-03-19 18:08 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:09 - 2014-03-19 18:08 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-18 20:52 - 2014-01-06 20:19 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-03-18 18:23 - 2014-02-16 13:45 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.minecraft
2014-03-15 18:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-03-15 13:38 - 2014-01-07 04:50 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 13:38 - 2014-01-07 04:50 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 13:38 - 2013-09-06 08:08 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 13:32 - 2013-08-22 15:44 - 00473704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 13:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-13 19:48 - 2013-08-22 15:46 - 00160485 _____ () C:\Windows\setupact.log
2014-03-10 12:28 - 2014-02-21 15:58 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 07:05 - 2014-03-12 20:26 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 20:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 20:26 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 20:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 20:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 20:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 20:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 20:26 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 20:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 20:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 20:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 20:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 20:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 20:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 20:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-19 21:01 - 2014-02-03 11:40 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Packages
2014-02-18 11:09 - 2014-02-03 12:59 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 11:09 - 2014-02-03 12:59 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 10:51 - 2014-02-18 10:50 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:50 - 2014-02-18 10:49 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\avgnt.exe
C:\Users\Tobias\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tobias\AppData\Local\Temp\octFEF1.tmp.exe
C:\Users\Tobias\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Tobias\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_b46f46a3-4166-4c9d-a30f-21dfb2cfdffe_TX_DB_.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 20:26] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
LastRegBack: 2014-03-15 18:12
==================== End Of Log ============================
|
|
20.03.2014, 12:15
| #4 |
| /// the machine /// TB-Ausbilder | Windows 8: Laptop plötzlich deutlich langsamer passt ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.03.2014, 14:36
| #5 |
| | Windows 8: Laptop plötzlich deutlich langsamerCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91ed34b31625c042ba8647ed43e94074
# engine=17525
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-20 01:11:26
# local_time=2014-03-20 02:11:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 94 19180 8739248 11924 0
# compatibility_mode=5893 16776574 100 94 438129 20202379 0 0
# scanned=140198
# found=0
# cleaned=0
# scan_time=5898
Code:
ATTFilter Results of screen317's Security Check version 0.99.80 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Windows Defender Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 51 Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tobias (administrator) on TOBIAS on 20-03-2014 14:20:00
Running from C:\Users\Tobias\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\sdd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\Run: [AcerCloud] - C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\RunOnce: [Application Restart #1] - C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Tobias\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041ba38-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041bf71-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-05]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]
CHR Extension: (Google-Suche) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-05]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR Extension: (Google Mail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-06] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-14] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-20 12:27 - 2014-03-20 12:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-20 12:26 - 2014-03-20 12:26 - 00987442 _____ () C:\Users\Tobias\Desktop\SecurityCheck.exe
2014-03-20 12:24 - 2014-03-20 12:25 - 02347384 _____ (ESET) C:\Users\Tobias\Desktop\esetsmartinstaller_enu.exe
2014-03-20 11:54 - 2014-03-20 11:54 - 00035546 _____ () C:\Users\Tobias\Desktop\FRST2.txt
2014-03-20 11:44 - 2014-03-20 11:44 - 00000902 _____ () C:\Users\Tobias\Desktop\JRT.txt
2014-03-20 11:33 - 2014-03-20 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-03-20 11:26 - 2014-03-20 11:26 - 01037734 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2014-03-20 11:16 - 2014-03-20 11:17 - 00002080 _____ () C:\Users\Tobias\Desktop\AdwCleaner[S2].txt
2014-03-20 11:14 - 2014-03-20 11:14 - 01950720 _____ () C:\Users\Tobias\Desktop\adwcleaner.exe
2014-03-20 10:31 - 2014-03-20 10:31 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 10:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-20 09:53 - 2014-03-20 09:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobias\Downloads\revosetup95.exe
2014-03-20 09:53 - 2014-03-20 09:53 - 00001288 _____ () C:\Users\Tobias\Desktop\Revo Uninstaller.lnk
2014-03-20 09:53 - 2014-03-20 09:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 20:56 - 2014-03-19 20:56 - 00024753 _____ () C:\Users\Tobias\Desktop\Gmer.txt
2014-03-19 18:26 - 2014-03-19 18:32 - 00027101 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:20 - 2014-03-20 14:20 - 00017001 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-19 18:18 - 2014-03-20 11:53 - 00000000 ____D () C:\FRST
2014-03-19 18:10 - 2014-03-19 18:11 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:08 - 2014-03-19 18:09 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:08 - 2014-03-19 18:09 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-12 20:26 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 20:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 20:26 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 20:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 20:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 20:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 20:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 20:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 20:26 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-12 20:26 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-12 20:26 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-12 20:26 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-12 20:26 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-12 20:26 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-12 20:26 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-12 20:26 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-12 20:26 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-12 20:26 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-12 20:26 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-12 20:26 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-12 20:26 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-12 20:26 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-12 20:26 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-12 20:26 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-12 20:26 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-12 20:26 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-12 20:26 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-12 20:26 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-12 20:26 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-12 20:25 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 20:25 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-12 20:25 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 20:24 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 20:24 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:24 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-21 15:58 - 2014-03-10 12:28 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-18 10:50 - 2014-02-18 10:51 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:49 - 2014-02-18 10:50 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
==================== One Month Modified Files and Folders =======
2014-03-20 14:20 - 2014-03-19 18:20 - 00017001 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-20 14:20 - 2014-03-19 18:18 - 00000000 ____D () C:\FRST
2014-03-20 14:14 - 2014-02-03 12:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 14:12 - 2014-02-03 11:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4856305F-85FF-4896-8E1F-D88A082D12E7}
2014-03-20 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-20 13:45 - 2014-01-06 20:05 - 01365664 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 12:27 - 2014-03-20 12:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-20 12:26 - 2014-03-20 12:26 - 00987442 _____ () C:\Users\Tobias\Desktop\SecurityCheck.exe
2014-03-20 12:25 - 2014-03-20 12:24 - 02347384 _____ (ESET) C:\Users\Tobias\Desktop\esetsmartinstaller_enu.exe
2014-03-20 11:58 - 2014-02-03 11:46 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1653954418-1097860707-3373369385-1001
2014-03-20 11:54 - 2014-03-20 11:54 - 00035546 _____ () C:\Users\Tobias\Desktop\FRST2.txt
2014-03-20 11:54 - 2014-02-04 17:42 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Deployment
2014-03-20 11:44 - 2014-03-20 11:44 - 00000902 _____ () C:\Users\Tobias\Desktop\JRT.txt
2014-03-20 11:33 - 2014-03-20 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-03-20 11:26 - 2014-03-20 11:26 - 01037734 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2014-03-20 11:25 - 2014-02-03 17:02 - 00000000 ____D () C:\AdwCleaner
2014-03-20 11:22 - 2014-02-03 12:59 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-20 11:20 - 2014-02-03 11:45 - 00000000 __RDO () C:\Users\Tobias\SkyDrive
2014-03-20 11:19 - 2014-02-03 12:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 11:18 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 11:17 - 2014-03-20 11:16 - 00002080 _____ () C:\Users\Tobias\Desktop\AdwCleaner[S2].txt
2014-03-20 11:14 - 2014-03-20 11:14 - 01950720 _____ () C:\Users\Tobias\Desktop\adwcleaner.exe
2014-03-20 10:54 - 2013-09-06 07:58 - 00036132 _____ () C:\Windows\PFRO.log
2014-03-20 10:54 - 2013-08-22 14:25 - 00000222 _____ () C:\Windows\win.ini
2014-03-20 10:31 - 2014-03-20 10:31 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 10:31 - 2014-03-20 10:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 10:21 - 2014-02-03 16:49 - 00000111 _____ () C:\Users\Tobias\AppData\Roaming\WB.CFG
2014-03-20 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-20 09:53 - 2014-03-20 09:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobias\Downloads\revosetup95.exe
2014-03-20 09:53 - 2014-03-20 09:53 - 00001288 _____ () C:\Users\Tobias\Desktop\Revo Uninstaller.lnk
2014-03-20 09:53 - 2014-03-20 09:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 20:56 - 2014-03-19 20:56 - 00024753 _____ () C:\Users\Tobias\Desktop\Gmer.txt
2014-03-19 18:32 - 2014-03-19 18:26 - 00027101 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:30 - 2014-02-04 17:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-19 18:11 - 2014-03-19 18:10 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:10 - 2014-02-03 11:37 - 00000000 ____D () C:\Users\Tobias
2014-03-19 18:09 - 2014-03-19 18:08 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:09 - 2014-03-19 18:08 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-18 20:52 - 2014-01-06 20:19 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-03-18 18:23 - 2014-02-16 13:45 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.minecraft
2014-03-15 18:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-03-15 13:38 - 2014-01-07 04:50 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 13:38 - 2014-01-07 04:50 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 13:38 - 2013-09-06 08:08 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 13:32 - 2013-08-22 15:44 - 00473704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 13:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-13 19:48 - 2013-08-22 15:46 - 00160485 _____ () C:\Windows\setupact.log
2014-03-10 12:28 - 2014-02-21 15:58 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 07:05 - 2014-03-12 20:26 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 20:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 20:26 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 20:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 20:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 20:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 20:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 20:26 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 20:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 20:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 20:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 20:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 20:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 20:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 20:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-19 21:01 - 2014-02-03 11:40 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Packages
2014-02-18 11:09 - 2014-02-03 12:59 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 11:09 - 2014-02-03 12:59 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 10:51 - 2014-02-18 10:50 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:50 - 2014-02-18 10:49 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\avgnt.exe
C:\Users\Tobias\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tobias\AppData\Local\Temp\octFEF1.tmp.exe
C:\Users\Tobias\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Tobias\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_b46f46a3-4166-4c9d-a30f-21dfb2cfdffe_TX_DB_.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 20:26] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
LastRegBack: 2014-03-15 18:12
==================== End Of Log ============================
--- --- --- Ja, alles wieder normal Vielen Dank!  |
|
21.03.2014, 10:39
| #6 |
| /// the machine /// TB-Ausbilder | Windows 8: Laptop plötzlich deutlich langsamer Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Windows 8: Laptop plötzlich deutlich langsamer |
|
21.03.2014, 19:50
| #7 |
| | Windows 8: Laptop plötzlich deutlich langsamer Ok, habe alles erledigt. Vielen, vielen Dank!! |
|
22.03.2014, 18:57
| #8 |
| /// the machine /// TB-Ausbilder | Windows 8: Laptop plötzlich deutlich langsamer Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 8: Laptop plötzlich deutlich langsamer |
| adobe, avira, branding, fehler, iexplore.exe, installation, launch, office 365, pokki, problem, pup.optional.regcleanpro, pup.optional.rightsurf.a, pup.optional.skytech.a, pup.optional.suptab.a, pup.optional.sweetpage.a, pup.optional.updater, pup.optional.wpmanager, rundll, services.exe, svchost.exe, sweet-page, sweet-page entfernen, sweetpage, sweetpage entfernen, system, wildtangent games, wlan |
